If you run a website outside the European Union, you may not think that the General Data Protection Regulation (GDPR) affects you. However, if you collect data from citizens of the EU, you must ensure that your site complies with this regulation. Otherwise, you can be hit with heavy penalties – up to 4% of your company’s global annual turnover.
The good news is that there’s still time to get ready. As long as you understand what this regulation entails and what steps you’ll need to take, making sure your site is compliant doesn’t have to be a headache. You’ll mainly need to understand what is required of you and what data your site is collecting, and make sure your privacy policies are up to speed.
In this article, we’ll talk about what the GDPR entails, and why it’s important that your site stays on the right side of the law. We’ll also show you a few tips for how you can prepare your website. Let’s take a look!
What the General Data Protection Regulation (GDPR) Is (And Why You Need to Prepare for It)
The General Data Protection Regulation (GDPR) is a new piece of EU legislation that concerns data protection and privacy. Even though this law is created and enforced by the EU, it will affect any site that collects data from EU citizens.
This means that almost every website will need to comply. Failure to do so may result in heavy penalties. The fines are split into two levels, with the first starting at 2% of your global annual turnover for the previous year or €10 million, whichever is higher, and the second level doubling both figures.
This should make it obvious that the GDPR is nothing to take lightly. However, while it’s definitely serious, it’s also not inherently negative. In fact, there are several benefits to the regulation for brands and site owners alike. For example, since the GDPR will promote transparent data usage policies, your visitors can be more confident that your site is trustworthy. It will likely also lead to more thoughtful development, where data handling and privacy are default cornerstones – which is good news for everyone.
4 Ways to Prepare Your Website for the GDPR
Now, we’re going to look at some of the ways you can prepare your website to be GDPR-compliant. Bear in mind that this is not an exhaustive list, but rather encompasses the most important areas you should cover in order to become compliant.
1. Educate Yourself and Your Company
The first step towards preparing for the GDPR is making sure that you and every relevant member of your organization are aware of the regulation and how it will affect you. You should start this stage as soon as possible, to give yourself time to implement any necessary changes.
In order to properly prepare your site, you need to understand what’s being asked of you. Depending on how your organization is structured, this could involve creating a group specifically to research and prepare for the GDPR. What’s more, be prepared to hold meetings and make some solid plans before you implement any changes.
2. Identify What Data You’re Already Collecting
The GDPR concerns users’ right to privacy, and gives them greater power over how their personal data is handled. As such, it’s important that you’re aware of exactly what personal data you already have, how you’re collecting it, and how it’s protected.
This includes any personal data from your employees, users, registered members, subscribers, supporters, and so on. You’ll want to list out exactly what data you’re storing, and make sure you’re also recording whether any of it is shared with external parties.
3. Update Your Privacy Policies and Notices
The most important step here is to inform visitors about how you’re adhering to the GDPR’s eight rights for individuals. You will also need to make it clear how long you intend to keep the saved data, and what lawful basis you have to process personal information.
4. Create a Strategy for Handling Data Breaches
A data breach is the unlawful release of private and/or confidential information. In online terms, this almost always includes user details, such as personal data, passwords, and even financial information.
The GDPR requires that you make users aware when a data breach of personal information occurs. This is in line with the regulation’s goal of keeping users informed about how their data is handled. For this reason, you need to be able to inform anyone affected by a data breach within 72 hours.
It’s smart to create a strategy beforehand, so you know how to handle this situation if it arises. This article by NCC Group contains some solid advice on how to inform those affected (and the media) after the GDPR goes into effect. You can also find more information on general website security in our own knowledge base.
No matter where you live, it’s important to ensure that your site complies with the General Data Protection Regulation (GDPR). Fortunately, this doesn’t have to be as difficult as you might imagine. As long as you’re aware of the requirements, you can take steps to improve your site’s security.
In this article, we’ve touched on the most important ways you can prepare for the GDPR. These include:
- Educate yourself and your company on what the GDPR means for you.
- Identify what personal data you’re collecting and how it’s handled.
- Update your privacy notices and policies.
- Create a strategy for handling data breaches.
Do you have any questions about the GDPR, or how to make sure your website is compliant? Let us know in the comments section below!
Image credit: Pixabay