The much anticipated GDPR (General Data Protection Regulation) enacted by the EU comes into effect on 25th May 2018
The GDPR is a new set of regulations which aims to offer EU citizens far greater control over their personal data and comes with a corresponding new set of responsibilities for business owners. This makes all the fuss over the “This site uses cookies” notices look like a minor blip. If you own a web site – this is a big deal.
Why is this a big deal?
There are fines involved! Each EU state will have its own Supervisory authorities (SAs) whose role will be to implement and enforce compliance with the threat of potential fines of up to 4% of annual turnover. It’s pretty clear the EU wants this taken seriously.
What exactly are we talking about here?
If your web site is in any way working for your business, it is likely it utilises some or all of the following:
- New user registration
- User comments or feedback forms
- Data submitted from Contact forms
- Web site Analytics and traffic logging (particularly those saving IP addresses)
- Other logging utilities/plugins
- Security plugins
This is potentially quite a bit of user specific data and with the new changes, users of your website now have three fundamental rights:
- Right to access
Show full transparency in how and what data you’re capturing and collecting data. You also need to say why you are capturing this data and where you are storing and processing it. Crucially you will need to be able to provide users with a copy of their data, free of charge and within 40 days.
- Right to be forgotten
Users now have the right to be forgotten an option which means you must provide them with the option to erase all personal data and withdraw their consent for you to collect further data.
- Right to portability
The ability to allow users to access their personal data and if it is their preference to, transmit this data to someone else.
That seem fair enough. What actions should I take with my web site?
Well, you understand we’re not offering legal advice here. We’d suggest you check out: http://gdprandyou.ie to make sure you’re covered insofar as it relates to your particular business or sector. It might be a good time to evaluate if your web site really needs to capture the data it does if (for example) sending an email would achieve the same job.
Depending on the age and construction of your web site your ability to comply and with the new regulations may vary. Extracting extensive individual user’s data from older systems could be potential be quite expensive. Feel free to contact us to discuss your readiness for the future.
This is definitely one you shouldn’t ignore.