
What’s all this about GDPR?

How do the new data protection laws affect me?

Your inbox has probably been steadily filling up with messages about compliance with GDPR, a new European privacy law, and you may be wondering how this applies to your website and whether you should be doing something about it.

The deadline for GDPR compliance is 25 May 2018, so it’s approaching fast, and if you hold data about your website users, clients and employees, then there are almost certainly actions you need to take, and you could be fined if you don’t comply. First of all, find out what GDPR is.

What is GDPR?

GDPR is the General Data Protection Regulation. It’s a European law that attempts to control the collection and handling of personal data. It overrides the Data Protection Act 1998. GDPR covers data that can be used to identify someone, and if you collect this type of data, you may have to register with the Information Commissioner’s Office (ICO) as a data controller.

There is a strong strand of trust running through the regulations, which focus on user consent and understanding. Obviously, there are plenty of good reasons to have the trust of your users and clients, and asking for consent when collecting data, and explaining in clear language how you store and use it enhances your status as a reliable and professional organisation.

You must also report data breaches (if you are hacked, for example) to the ICO within 72 hours, and you may need to tell the people whose data you hold.

What are some steps I need to take ahead of GDPR?

GDPR is written up in broad recommendations, rather than detailed rules. This ensures that it can be applied to all the different kinds of organisations that collect personal data and all the different types of data they collect. The Information Commissioner’s Office actually admits that it is not possible to produce a clear GDPR compliance to-do list that is relevant to every business in the country. And this is one reason why it is causing a headache for many organisations.

You can, however, make your own tailored plan by:

  • Taking the ICO’s GDPR self-assessment test.
  • Recording all the personal data you hold, along with your reasons for holding it and how you use it.
  • Having answers – in clear, plain language – ready for when people ask questions about the personal data you hold about them.
  • Telling people when you collect their data, and also how and why you will use it.
  • Checking your security arrangements: is your cloud storage secure? Is that filing cabinet locked?
  • Planning ahead for a breach of data protection rules.
  • Using the GDPR guidance supplied by the ICO.

Your trade or professional organisation may also have advice that is appropriate for your sector and relevant to the sorts of data you collect, and it is well worth finding out what they have to say.

I need to comply with GDPR, but I’m not sure what to do

No worries. The experts at Eonic can help with all your GDPR compliance needs. Just give us a call on 01892 534 044 and find out what a really skilled web strategist can do for your business.