How GDPR affects my website?



First, we’d better clear up what GDPR actually is. We’ve all been inundated with emails recently from companies pleading with us to allow them to “keep in contact” – leading to the term trending on Twitter and a plethora of memes poking fun at the widespread panic. We all received the emails, but what does it actually mean for us in the future?

WHAT IS GDPR?

In short, GDPR stands for General Data Protection Regulation; a set of regulations that took the EU over three years to negotiate.

GDPR replaces the Data Protection Directive (1995), which set the minimum requirements for data processing within the EU. From Friday 25th May 2018 it gives regulators more power to enforce the stricter rules, backed by hefty fines of up to £17.5m.

The New York Times explains that “The data regulation law centres on two main principles. The first is that companies need your consent to collect your data. The second is that you should be required to share only data that is necessary to make their services work.”

PURPOSES OF GDPR

The EU Commission describes the goal of GDPR to be:

CONSUMERS

Ultimately, GDPR is for the consumer – for their data protection. Consumers will find that their communication with businesses and organisations becomes more transparent; privacy policies and statements about consent less ambiguous. Consumers can no longer be forced to give access to their information to access a service. The customer can rest assured that if their trust is abused there are now high fines as a consequence. The EU commission states: “The changes will give people more control over their personal data and make it easier to access it. They are designed to make sure that people’s personal information is protected – no matter where it is sent, processed or stored – even outside the EU, as may often be the case on the internet.”

BUSINESS OWNERS

Does your business use data relating to individuals which allows you to identify them? Most businesses do, and all of them, regardless of size, have to be GDPR compliant. Even if your business is based outside the EU, if you have any business ties to the EU you must be compliant. Even a small craft business selling personalised baby clothes on its Shopify website will have to comply: it needs to be aware of what details it holds about each customer. Does it email them offers or newsletters? If so, it will have to follow the GDPR regulations carefully in order to ensure compliance and avoid hefty, potentially ruinous fines.

WHAT CONSTITUTES ‘PERSONAL DATA’ IN GDPR?

Any information that allows an individual to be identified, or that belongs to them. This includes names, home or IP addresses, and data collected by mobile apps such as location data. Some data is considered more sensitive, requires further protection and may only be processed under specific conditions; this includes data that reveals a person’s race or ethnicity, political views, religion or sexual orientation.

Organisations that process sensitive data at scale, such as Facebook, must now appoint a data protection officer.

Article 25: Data Protection by Design and by Default

‘Privacy by design’ is now known as ‘data protection by design and by default’ and has become a legal obligation. It requires businesses to treat privacy and data protection as a priority in everything they do. Their objective should be to ensure that data is intrinsically protected in their systems and designs, not protected as an afterthought.


CHANGES WEBSITE OWNERS SHOULD KNOW ABOUT

  1. Despite being European legislation, GDPR will have a major impact throughout the world. Companies in the USA that trade with or provide services to the EU will have to comply in the same manner as EU companies, because the data of European consumers must be protected. The eyes of the world will be on Facebook, which has been widely criticised in the past for its use of personal data and for the recent Cambridge Analytica scandal. Many American companies have been badly unprepared for the changes; Instapaper, for example, withdrew its service from European readers until it could meet the demands of GDPR.
  2. The financial penalties for non-compliance are severe. Any company not compliant with the new rules can be fined as much as 4% of its global revenue. This could have a disastrous impact on small and medium-sized businesses.
  3. Policies can no longer be vague or unclear. You can no longer bury consent in 200 pages of terms and conditions that are skipped altogether before the signature. You must set out the consent you are asking for separately from the terms and conditions. You also need separate consent for each different purpose, for example permission to contact a client by email, by telephone and so on. Checkboxes alone are also a no-no.
  4. Systems must be put in place that allow an organisation to quickly access, identify, edit or delete data belonging to individuals. Individuals can request this, and these requests must be dealt with and responded to within 30 days.
  5. The “right to be forgotten” is a major element of GDPR. Individuals can withdraw previously given consent for their data to be used. This right must be transparent, not buried in the small print. A major part of compliance is going to be the ability to respond to these requests through changes to infrastructure.
  6. Data controllers have a 72-hour window to report a breach in data protection, for example when data is lost or stolen, as in the Uber data breach of 2016 which: “affected some 57 million customers, including both riders and drivers, revealing their names, email address and phone numbers. That affected group included 50 million riders and 7 million drivers; around 600,000 driver license numbers for U.S. drivers were also included in the breach, according to a new report from Bloomberg. Uber did not report the incident to regulators or to affected customers, but instead paid $100,000 to “hackers” to get rid of the data in order to keep the breach under wraps.”
  7. Cookies: nearly all commercial websites require cookies, to process data or to keep shopping carts backed up. Cookies are considered personal data under the GDPR regulations. Cookies must now be used transparently, that is, the agreement to the use of cookies must be clear enough for the consumer to understand so that they can knowingly agree or disagree to their use.

WHAT TO DO TO ENSURE YOUR WEBSITE COMPLIES WITH GDPR

  • Ensure your data storage methods are secure and that you know how to erase clients’ data if requested. You must also be able to provide a free, electronic copy of the data you hold about an individual at their request.
  • Make sure that all users of your website agree to your (transparent) plans to use and store their data and keep a good record of these agreements.
  • Check that your cookies, checkout process and any sign-up documents are compliant.
  • It is vital that all personnel who handle personal data are trained to understand the changes in the law and how to implement them.
  • Be aware of who is responsible for GDPR compliance; if the marketing team think the IT team are in charge and vice versa, it could turn out that no one is.
  • Don’t share clients’ information without just cause and permission.
  • If a third party is responsible for handling the personal data you hold, be confident that they are GDPR compliant and can reassure you that all measures are being taken to avoid breaking the law.
  • Seek professional help if you aren’t confident that you can implement the changes required to ensure compliance.
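As an added illustration (not code from the original post or from Cider), here is a small Python consent ledger covering the points in both lists above: separate consent per purpose, withdrawals recorded rather than overwritten, an electronic copy of held data on request, erasure, and the 30-day response window. All class names, purposes and sample data are assumptions made for this example.

```python
"""Added example (not from the original post): a per-purpose consent ledger with
subject-access export, erasure and a 30-day response deadline. All data is constructed."""
from dataclasses import asdict, dataclass, field
from datetime import datetime, timedelta
import json

RESPONSE_WINDOW = timedelta(days=30)   # response deadline stated in the post

@dataclass
class ConsentRecord:
    purpose: str            # one record per purpose, e.g. "email_newsletter"
    granted: bool           # True = consent given, False = consent withdrawn
    recorded_at: str        # ISO 8601 timestamp of the user's action
    policy_version: str     # the wording the user actually saw when deciding

@dataclass
class Customer:
    customer_id: str
    name: str
    email: str
    consents: list = field(default_factory=list)   # append-only history

class ConsentLedger:
    def __init__(self):
        self.customers = {}

    def record_consent(self, customer, purpose, granted, policy_version, at):
        """Store one grant or withdrawal; earlier evidence is never overwritten."""
        customer.consents.append(ConsentRecord(purpose, granted, at, policy_version))
        self.customers[customer.customer_id] = customer

    def has_consent(self, customer_id, purpose):
        """Latest record for this purpose wins; no record at all means no consent."""
        customer = self.customers.get(customer_id)
        if customer is None:
            return False
        history = [r for r in customer.consents if r.purpose == purpose]
        return bool(history) and history[-1].granted

    def export_copy(self, customer_id):
        """Subject access request: machine-readable copy of everything held."""
        return json.dumps(asdict(self.customers[customer_id]), indent=2)

    def erase(self, customer_id):
        """Right to be forgotten: drop the whole record; True if anything existed."""
        return self.customers.pop(customer_id, None) is not None

def response_deadline(received_on):
    """ISO date by which a request received on `received_on` must be answered."""
    return (datetime.fromisoformat(received_on) + RESPONSE_WINDOW).date().isoformat()
```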

Cider is a software development company based in the heart of Silicon Valley. We combine the business domain knowledge and technology expertise of more than 50 development studios spread around the world. We specialise in custom web development, as well as customisation of CMS-based websites. We have experience in building websites across different verticals, from eCommerce to Healthcare.

We will be happy to help you analyse the current state of your web property and move it to the next level together. Reach out to us for a FREE quote!
