The GDPR legislation comes into force on 25th May 2018 and we want to make sure you have all the information you need. The Information Commissioner’s Office (ICO) is responsible for looking after the information rights of the public and will therefore oversee GDPR.
GDPR is as important today as it will be on May 25th. GDPR, the General Data Protection Regulation, is the European privacy law that ensures the protection of all EU citizens’ personal data. Whether your organisation is based in Europe or anywhere else in the world, if you are using, processing or storing any personal data that can identify an EU citizen, then you are legally required to comply.
GDPR specifies a set of requirements that give individuals more control over their data.
The personal data covered by the regulation is defined broadly and includes both personal data and sensitive personal data that may be held about an individual:
Personal data: any information relating to a person, such as name, location, ID number, IP address etc.
Sensitive personal data: data about an individual’s race, ethnicity, sexuality, physical or mental health, religion, political opinions or any criminal offences.
Consent, in this case, refers to the request for permission to store an individual’s data. It is crucial and ensures that you are putting your users’ privacy first. Asking users for consent will increase their trust in you, and this is extremely important when their personal data is involved.
If you hold data on anyone under 16 then you need to request consent from a parent or guardian. The Information Commissioner’s Office (ICO) states that if there is a chance that an individual under the age of 16 has had data collected via online services, then consent will be needed. This is particularly important for online profiles and where marketing material is being sent.
All of your users should have the following rights when it comes to their personal data:
The ICO has outlined serious consequences for organisations that don’t follow the GDPR rules. An organisation could have to pay 4% of its annual income or 20 million euros (whichever is greater). These penalties highlight the importance of ensuring your organisation is ready for GDPR by 25th May 2018.
If you are a part of the public sector then you are more likely to have an internal information governance team who will deal with this in the appropriate manner.
If not, we would strongly recommend researching the specifics of the new GDPR requirements. The ICO website outlines all the major points in detail, and it is important to be aware of which new rules could affect you.
For organisations that store and process a large amount of data, it may be necessary to appoint a Data Protection Officer to oversee the changes required for GDPR compliance.
Most importantly, all changes to your current data storage and processing methods must be GDPR compliant by 25th May 2018. This includes all digital/online data processing such as your website.
If your organisation suffers a data breach and an individual’s data is compromised, the GDPR guidelines stipulate certain actions that must be taken. Data breaches occur through unauthorised access to data (which includes data being passed into the wrong hands):
We have been following the progress of GDPR for a little while and have been investing time in developing compliant solutions for our clients. This means allowing our clients to capture users’ data following best practices for security and privacy. We’ll be reaching out to our existing clients and recommending individual website reviews, where we’ll be able to give you our feedback and suggestions for GDPR compliance.
If you’ve got any questions about GDPR compliance for your website, contact us.
ICO (2018) Guide to the General Data Protection Regulation (GDPR) Available at <https://ico.org.uk/> [Accessed 11th January 2018].