On 25th May 2018 the General Data Protection Regulation (GDPR) will come into force and, regardless of Brexit, it will have far-reaching implications for your website and for the way you collect, manage and use data.
Why GDPR matters
It’s important for you to know what changes your business needs to implement with regard to your marketing data, as the GDPR will supersede the existing UK Data Protection Act 1998 (DPA).
How will UK business websites be affected?
The new GDPR requires a clear affirmative action to indicate consent via your website or data capture fields. So pre-ticked boxes and “tick here if you don’t want us to contact you” are soon to be a thing of the past. Its directive is both to protect people and to give them more control over their personal data, and to provide a clearer regulatory system that is enforceable in a court of law.
For businesses that share data within and from the EU, the responsibility for cyber-security is clearly placed on the organisation. With the predicted 25% growth in malware for 2017 alone, a data breach under the GDPR could result in huge fines for companies of up to 20 million euros or 4% of their annual worldwide turnover as a worst case. With a large and real threat of a penalty hanging over how companies distribute, store and delete data, they have no choice but to evolve their website and internal operations. Many companies will have to show that they are up to date with the legislation and put systems of compliance in place.
Under the new GDPR rules, should a company suffer a data breach, it must be reported within 72 hours. This applies to any company that handles EU citizens’ data, and fines can apply outside the EU countries, so if you handle any data from outside of the UK, then new compliance will have to take place.
If you’re unsure where to start with how your website and data capture should now look, you should look to implement the following:
- A review of all technical and procedural controls around your data, including the website data that it currently possesses.
- Re-writing all documentation associated with your organisation’s privacy policies so that they are in clear and concise terms.
- Creation of new processes and procedures that will help to handle data subject and data deletion requests.
The new GDPR is not something that UK companies should consider an inconvenience. Look at it as an opportunity to cater to the needs of your customers whilst working to best-practice protocols for your company’s data, all of which will minimise possible data loss incidents as well as data breaches.