Why Your Website Needs To Be GDPR Compliant

What is the biggest problem GDPR presents for website and business owners? A website needs GDPR compliance, and not everyone has caught up with the new requirements.

  • Is it simply the question of compliance itself? 
  • Is it a bigger problem, namely the different approaches to GDPR adopted by many website and business owners?

Our focus is helping website owners comply with the GDPR regulations in several key areas.


We have a solution that helps ease the GDPR compliance problem for website owners. Before getting into discussing the solution, it makes sense to first look at what needs to be covered and how the problems created by GDPR will be most easily solved.

What Is Your Approach to GDPR?

By far the biggest problem GDPR presents is business and website owners deciding to simply ignore it, hoping it will go away or will not apply to their business. Sooner or later all businesses will feel the impact of GDPR, directly or indirectly.

Will GDPR Affect The Cost Of Building Websites?

GDPR will certainly have an impact if, as a website owner, you want a website that complies with the law and the GDPR regulations. This is covered in more detail later on.


Who Does GDPR Apply To?

If you are in the EU (or carry on activities in the EU from outside the EU which deal with EU citizens), then the GDPR applies to your organisation. You may be a commercial business, charity, public authority, or other institution. If you collect, store or process EU citizen data, GDPR applies to you.

Official Enforcement

The ICO (the UK body responsible for compliance) has made it plain that ignoring GDPR and making no attempt to comply with the regulations will be dealt with more severely than business owners who attempt to comply and perhaps get parts of the regulations wrong.

Tiered Fines and Other Penalties

The fines are tiered depending upon the severity of the breach, all the way up to 4% of global turnover or 20 million euros.

Ignoring GDPR Is Not an Option – A Website Needs GDPR Compliance

It will be clear from what is said above that ignoring GDPR and making no attempt at compliance really is not an option.

If you have not made any attempts to get in line with the GDPR regulations, then the more time that passes by, the bigger the worry.


The Purpose of This Article – GDPR and Websites

This article is not designed as legal advice. Rather, it highlights certain key areas in which the GDPR relates to websites and gives our interpretation of how websites can become more compliant with GDPR.

It will be showing how websites are affected and how you can take the important steps in meeting GDPR regulations in these several key areas.

The Key Idea behind GDPR

The key idea behind GDPR is ‘putting people in control of their data’.

Consequently, GDPR provides for a strengthening of ‘consent’ in how data is used.

Transparency, erasure and portability of data are key areas and important tools for individuals to employ when looking to enforce their data rights. These rights affect you as a website owner.

Clearer Notices – Better Policies

As a website owner, you will have to give users and customers clearer notices and compliant privacy policies. EU residents get powerful new rights which include a Right of Access, Right to Rectification, and Right to Erasure.


What Does This Mean For Website Owners?

Individuals will be able to:-

  • Demand a copy of all the data you hold on them
  • Demand any errors are corrected
  • Request the removal of all personal data

The GDPR also gives individuals the right to find out if their personal data has been compromised. This means websites will need to notify customers if their personal data is stolen or compromised in a breach. This must be done within a reasonable time period.

What Website Owners Need To Know

As a website owner, it is important to be aware of the main aims behind the regulations. This means that websites can reflect the rights of individuals and help to give them more control over their data.

Website owners will also have to consider how any software and other services used may affect user and customer privacy.

In addition, website owners will need to be aware of how their websites, (including E-Commerce websites), collect data, who, if anybody, they share it with, and what tracking technologies measure and track users and customers across the Internet.


How to Give Users More Control Over Their Data

There are a number of ways of doing this. Some involve a lot of labour-intensive work and administration. This can become a massive burden on a small business owner, so anything that helps to streamline the process and save time is a massive bonus.

We have a solution that helps to automate the process and minimise the administration involved.

Before we explain that, it will help to clarify further the new rights of individuals under the GDPR regulations.


Personal Data

What is considered personal data?

The GDPR defines personal data as any information or type of data that can directly or indirectly identify a natural person.

This can include information such as Name, Address, Email, Photos, System Data, IP addresses, Location data, Phone numbers, and Cookies.

In addition, there are special categories of personal data. These have stricter regulations and include categories such as Race, Religion, Political Views, Sexual Orientation, Health Information, Biometric and Genetic data.

To clarify things further, if you can use a piece of data to identify an EU resident, or combine it with other data to identify them, then it is personal data.

Informed Consent

GDPR requires websites and E-Commerce stores to ‘inform’ their customers what data is collected, stored and shared. It also provides specific rules regarding the kind of consent required before websites and E-Commerce sites can begin collecting personal data. This has an effect upon contact forms and opt-in forms on websites. This is covered later.

Overall the effect is that websites and E-Commerce sites will have to ask for more explicit consent. This will mean providing more details of their proposed use of personal data. This will usually be done in a GDPR compliant privacy policy and terms.

Complying With GDPR

What Do You Do?

  • Decide who is in charge of privacy. Designate someone, or if you’re a one-person business, it will fall to you.
  • Obtain a GDPR compliant Privacy Policy. You need to disclose how and why you collect personal data, how long it is retained, and who it is shared with. We can provide a compliant policy adapted for your website under licence. Please be aware that a bespoke privacy policy, drafted by lawyers just for your business, can cost up to £1500, and that is just for the privacy policy. You may decide you want a bespoke privacy policy, but that is a decision for you and your business.
  • Determine how you will respond to Right of Access and Right to Erasure requests. Our solution can help you do this where these requests relate to website data.
  • Decide what to do if there is a security breach. Preparation is key here. Our solution can also help in the event of a security breach. This is part of your privacy responsibility under the GDPR: you must inform customers promptly if their data or privacy has been breached.

Your website and business may have special needs and requirements. In that case, it is recommended that you consult a lawyer about any specific needs or types of personal data processing your site may carry out. The main point to be aware of is that a website needs GDPR compliance.

Privacy Is an Ongoing Process

The GDPR regulations provide some key principles. As far as websites are concerned, these include:

  • Privacy by design. This means an approach to your business and website that promotes privacy and data protection compliance from the start.
  • Privacy by default. This means the strictest privacy settings automatically apply once a customer acquires a new product or service.
  • Data breach – which means, for websites, a breach of security resulting in the accidental or unlawful loss, alteration, destruction, unauthorised disclosure of, or access to, personal data.

Collecting Personal Data

This is traditionally done by the use of contact forms and opt-in forms. These now need to be in a compliant format.

Website owners must now ensure that it is clear what a user is consenting to. GDPR has introduced the concept of freely given consent that is both specific and informed.

Consents cannot be bundled together but must be specific and granular.

Website and business owners cannot assume that users are happy to receive marketing communications unless they have given a specific consent.

This means users must take a positive action to opt-in. It must be clear to the user that they are opting in and they must make a conscious decision to do so. This means pre-ticked opt-in boxes are not allowed.

Styling Of Contact & Opt-in Forms

It is important to get a style of form that will encourage users to agree to receive more information.

Some websites are relying on a tick box but this is probably not the best solution from a marketing point of view. The psychology behind the form design will therefore become a lot more important.

GDPR Will Affect Your Relationships with Other Businesses

GDPR will also have what we call ‘long reach’ implications when dealing with other businesses. It will become a lot more common for GDPR compliance to be a requirement, particularly with larger businesses. They will wish to see GDPR compliance from the businesses they deal with in order to protect themselves. This means it will definitely help to look GDPR compliant in the first place.

Certain businesses may in addition (depending upon the circumstances) seek specific data processor and data controller agreements as part of their GDPR compliance procedure.

GDPR Is Complex

This is not meant as a comprehensive overview of GDPR. GDPR is complex and has many grey areas, which will only be clarified as the regulations are more clearly defined.

This means that further updates and adjustments will be required over time and website owners must be ready for them and be prepared to adjust accordingly.

GDPR Benefits

There will be benefits for business owners that understand how to take advantage of GDPR. Take a look at our article here outlining how you can benefit from GDPR.

How Does GDPR Impact Website Design Costs?

It will be clear that GDPR adds an extra layer to the whole process of conducting business and to running a compliant website.

Depending upon your viewpoint you will either see it as a cost or an investment. It is a cost to the extent that it involves further expenditure but at the same time, it can be a benefit.

Websites and businesses that can show they take privacy seriously will gain extra trust from their users and customers. Consumers will be actively looking to see if the websites they visit take their privacy seriously.


User Privacy Centre

A User Privacy Centre, outlined below, will show your website visitors that you are taking the new law seriously.

For a look at the types of websites and how GDPR will affect design costs, please have a look at our free eBook – Website Design Prices 2018 – download it here.


GDPR Compliance Should Be a Tax Deductible Business Expense

The costs of ensuring your website complies with GDPR should be an allowable business expense for tax purposes, probably falling under ‘Web Development Costs’. You will, of course, need to confirm this with your accountant, including how it applies to your business.

GDPR Solution for Websites

We do provide a GDPR solution for our websites and we may be able to assist if you have an existing website.

A quick overview of the solution is outlined here:-

  • Cookie consent notification with an index of the cookies used on the website
  • User Privacy Centre to automate user requests under the GDPR – this includes easy withdrawal of consent on the website itself
  • GDPR Privacy Policy adapted for use with your website and licensed from us
  • GDPR Terms and Conditions for use with your website and licensed from us

The ICO website contains detailed information on compliance.

The following video explains how the solution works (please maximise the size for clear viewing – click the full screen button).

Why Your Website In Manchester or Salford Needs To Be GDPR Compliant


Book a Free Consultation Now

If you require more advice please book a free consultation now.

Online booking here

Telephone 0844 4141 326

Stephen Wilk 
