Are You Ready For GDPR?
Here at HITS we like to keep a close eye on any forthcoming regulations that will impact our clients. The latest development to be aware of is the General Data Protection Regulation (GDPR). It will become enforceable from 25th May 2018. This regulation will dictate the procedures for the control of personal data, and the consequences of and notifications required for data breaches. It will apply not only to your website but also to other areas of your business.
Key Points About GDPR
Personal data – GDPR applies to ‘personal data’: any information relating to a person who can be directly or indirectly identified.
Consent – All individuals must be provided with accurate information such as the data you are collecting and processing and why. Individuals must give consent to have their data stored and this must be freely given, informed and unambiguous.
Right to be forgotten – Individuals have the right to request that their personal data is deleted or removed, where there is no compelling reason for you to continue to process it.
Notifications of breaches – All organisations must report data breaches to the ICO within 72 hours unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.
Special categories of data – There are new provisions for certain data such as for children and genetic, medical and biometric data which are more stringent.
Check What You Do With Information
- Are you registered with the ICO?
- What personal data do you store at the moment (for example leads, customers, networking, suppliers)?
- How did you obtain this personal information?
- How long have you held this information?
- Who do you share it with, for example suppliers?
- How is it stored (paper or electronic)?
- If electronic, where do you store this information?
Check Your Processes
- Do you have a lawful reason to hold the personal data? Article 6(1) of the GDPR sets out the six possible reasons for the processing of personal data to be lawful.
- Do you need all this personal data?
- What are your processes for recording and managing consent? Do you need to make any changes?
- Refresh existing consents if they do not meet the standard
- Do you have a process in place to detect, report and investigate a data breach?
Review Your Policies
- Privacy by design – if necessary do a privacy impact assessment.
- How are you keeping the personal data secure?
- Review your website privacy & cookie policies.
- Review your consent wording.
- Review your wording on communication with contacts.
- Review contracts and terms with customers and suppliers.
Summary Of GDPR Actions
You should now know and have written down…
- What data you have
- Where it is
- Who has access
- How it is processed
- What your data protection responsibilities are
If you are using open source software such as WordPress for your website then it is particularly important that you are aware of any security vulnerabilities and patch them straight away. Proactive website maintenance will be vital. Already the ICO has fined a couple of organisations where data breaches were caused by open source software not being kept up to date.
How Can We Help?
Thanks to our website solutions being bespoke through design rather than code, HITS is able to constantly update the digital framework on which they are built. As soon as the new regulatory compliant plug-ins from WordPress and WooCommerce are released we will implement them across all our client sites as quickly as possible, at no additional cost. This will ensure that all our clients can be GDPR compliant for 25th May 2018 when the new regulations become enforceable.
HITS – A Creative Web Design Agency based in Hampshire
Established in 2010, HITS works with a broad range of dynamic local and regional businesses. We have extensive experience in Website Design, Ecommerce, Graphic Design and SEO Services. We’re all about providing creative solutions that give small and medium-sized companies the chance to become big companies. As our clients grow, we grow. We love what we do and we couldn’t consider doing anything else.
If you would like to find out more then please contact us on 01264 316141 or via email at email@example.com