By now, you’ve probably received at least one email from a company asking whether your website is ready for GDPR compliance. It is high time to prepare your website for GDPR compliance. Why?
Let’s explore why it is essential for your website if you deal with users from European Union nations.
Recent data breaches have put users’ information at high risk; it can be manipulated to any extent and can have a major impact on our lives: it can create an unsettling environment and shake global politics. So you can imagine how much a breach of your data security could harm your business and degrade your reputation and business value.
To assure users that their data is safe, digital companies and website owners need to make sure that all the data they collect is kept secure.
Amid these data security issues, over the past few years the European Union decided it needed stronger privacy regulation in place. Last year in April it was voted through by the EU Parliament, and companies have had one year to get ready for this new regulation, which goes into enforcement on May 25, 2018.
Important Things to Know About GDPR
At its core, the General Data Protection Regulation (GDPR) is a set of rules from the European Parliament that deals with the privacy of users, focusing on the citizens of Europe. It applies to all businesses and governs how they handle data belonging to users from European nations.
Under GDPR compliance there are three main elements you need to consider:
1. Right to access: Websites need to show users what data points are being collected and where they are stored and processed. You need to be transparent about the data and about its purpose, processing and storage, and as a website owner you must provide this information free of cost within 40 days.
2. Right to delete: You need to provide users with an option to opt out of the data collection process.
3. Data portability: You need to provide users with an option to download the personal data they’ve consented to share and transmit it to a different controller.
How General Data Protection Regulation (GDPR) Applies to Website Owners
There are 6 main ways GDPR will affect website owners:
1. How you collect data through various forms on your website (Subscription forms, contact forms, newsletter signups, gated content, etc.)
2. The way you collect analytics data
3. What you do with the collected data
4. Where you store the collected data
5. How you communicate with your users & customers
6. The code used in your website theme and plugins
What is Consent?
As per GDPR, consent is “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
There is a lot of debate about consent, but the ICO has made its guidelines pretty clear: “Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of default consent.” So you need to make the request for consent a prominent practice.
Create appropriate consent forms across multiple channels and mediums. That’s how you’ll be able to collect and manage consent properly on all your business channels, including your website and social media channels.
Penalties & Fines
Let’s be clear about what personal data constitutes: any information related to a person that can be used to directly or indirectly identify that person is considered personal information. It can be anything from a name, an email address, a picture, bank account details, posts on social media websites, medical information or a computer IP address. If you do business with users in a European Union country and your website is not ready for GDPR, then after 25th May 2018 you may have to face a heavy fine as a penalty.
Before we move forward with the detailed fines and penalties for GDPR compliance, we need to have clarity on user data consent.
Companies in breach of the General Data Protection Regulation (GDPR) can be fined up to 4% of annual business turnover or €20 Million, whichever is higher. This is the maximum fine that can be imposed for the most serious violations, e.g. if your company does not have sufficient user consent to process data.
However, there is a tiered approach to fines and penalties. There are 2 tiers of administrative fines that can be imposed:
1. Up to €10 million, or 2% annual global turnover (whichever is greater).
2. Up to €20 million, or 4% annual global turnover (whichever is greater).
For example, a company can be fined 2% of annual business turnover or €10 Million, whichever is higher, for not having its records in order, not notifying the supervising authority and data subjects about a breach, or not conducting an impact assessment. The European Union (EU) can even block your website and you’ll be restricted from doing business in EU nations.
Moreover, it is important to note that these rules apply to both data controllers and data processors, which means ‘clouds’ will not be exempt from GDPR enforcement.
Are You Ready for May 25th, 2018?
You may be facing the challenge now and wondering how to get ready for the upcoming GDPR compliance. It may disrupt all your ongoing tasks, but this is the foremost consideration for a safe user experience and a safer business on the internet; otherwise you will be facing heavy fines.
Key GDPR Steps
• Discover: Identify what personal data you have and where it resides.
• Manage: Govern how personal data is used and accessed.
• Protect: Establish security controls to prevent, detect and respond to data breaches and related vulnerabilities.
• Report: Respond to data requests, report data breaches and keep proper documentation.
The Way Ahead
Get prepared for GDPR by taking the following things into consideration to make your website GDPR compliant:
Website Audit: Audit all the data on your website that plugins collect: user registrations, comments, contact forms, lead gen forms, analytics, logging tools, security tools, etc.
Notifications: You need to notify users that you’re collecting data. This can be done through a pop-up notification on your website; many of the plugins you use will include this.
Allow Users to Opt Out: Make sure that once a user has given consent they can opt out at any time. You can take the following example we have on our website.
Get Permission: Every time a user submits information, for a blog subscription, newsletter, etc., you must get permission to collect their information.
Give Users a Copy of Their Data: You can use a plugin to provide your users with a copy of their data.
Notification of Breach: If a data breach happens, you must send notification within 72 hours of becoming aware of the breach.
Make Sure Plugins are Compliant: You need to make sure that all data-collecting plugins you use on your website are GDPR compliant; if you’re using plugins that have not been updated for GDPR compliance, consider replacing them.
To Sum It All
GDPR is coming and this is the right time to get prepared: make your website and data safe for users. You need to assess the risk of your data and take the right action. If you don’t need certain data, it is better not to store it, and delete the data you don’t need. It will be equally good for your business; even with the extra cost you will be glad to have it, because you can target your audience better. Similarly, you can save a lot on advertising, and this way you’ll be able to run more effective ad campaigns to promote your business. Most importantly, you will serve a better experience to your users.
Let’s create a better and safer website for your business. If you want to make your website ready for GDPR compliance, share your website URL and one of the Monks will get in touch with you within 24 hours.