Gloucestershire Website Developers Ask: What is the GDPR?
The General Data Protection Regulation (GDPR) is a new EU regulation that aims to standardise data protection law across all 28 EU countries. Part of the GDPR will be to implement and impose strict new rules on controlling/processing personally identifiable information (PII). As leading Gloucestershire Website Developers, Mushroom Internet are informing all our hosting, website build and SEO customers of the changes that will come into effect.
The GDPR also extends the protection of personal data and data protection rights by giving control back to EU residents.
When does it come into effect?
GDPR comes into force on 1st April 2018 and replaces the EU Data Protection Directive introduced in 1995. It supersedes the existing 1998 UK Data Protection Act.
Does it affect the UK?
In a nutshell, yes! Even though the UK is beginning the withdrawal process from the EU, at the time the GDPR comes into effect we will still be part of the EU. Upon leaving the EU the UK will immediately adopt all EU legislation. Mushroom Internet are on hand to explain the process to all our website development and digital marketing customers at each step.
What personal data does the GDPR concern?
This term refers to any information related to a 'natural person' or 'Data Subject' that can be used in any way to indirectly identify the individual. This includes the following information:
- A name
- Photo
- Email address
- Bank details
- Social media posts
- Medical information
- Computer IP address
Do I need to appoint a Data Protection Officer (DPO)?
If your organisation does not meet the criteria below then you do not need to appoint a Data Protection Officer at this stage. A DPO has to be appointed if your company meets the following criteria:
- Is a public authority
- Is an organisation that engages in large scale systematic monitoring
- Is an organisation that engages in large scale processing of sensitive personal data (Art.37)
What to look out for
If your website includes any of the following then you will need to ensure you are informing users of their rights to their individual data:
- Contact forms
- Newsletter sign-up forms
- eCommerce / Checkout forms
- Membership sign-up / registration
- Forums / Discussion mediums
These are just a few examples. If your website uses any technology that allows you to collect customer data, or has any place where personal details may be input, then you need to make sure your customers are aware of where, how and why their information is being used.
What does it cost?
As a Mushroom Internet website build or digital marketing customer, we want to make sure you get the help you need to keep your website compliant. After our assessment, if you would like us to manage the process for you then we can work with you to complete it. This will be our time that we regrettably have to charge for. This work carries a flat rate of £49.99 ex VAT.
What is the penalty for not implementing the GDPR?
There is a tiered system of fines in place for companies that do not comply with the new regulations. They can be as high as €20 million or 4% of a company’s total global revenue, whichever is larger. This is the maximum fine that can be imposed for the most serious violations, e.g. not having sufficient customer consent to process data or violating core Privacy by Design concepts.