GDPR
Please read the following information as there can be large fines for ignoring this information. Compliance with the GDPR is your responsibility with both your online and offline activity.
Webwax has been looking at how the GDPR affects our clients with their data protection and the following is a basic review of how these changes will affect you.
Contact us to get your website GDPR compliant.
The GDPR comes into EU law (and post-Brexit UK law) on the 25th May 2018, and you will need to be aware of your responsibilities regarding the use of data and users’ privacy.
1. SSL certificates
It is now highly advisable to have an SSL certificate (changing your website from http:// to https://). Encrypted websites now have a padlock (on Chrome and Safari) to show they are safe, so anyone can see if you have an SSL certificate.
Initially used mainly for e-commerce websites, SSL certificates are now important for all websites. On most websites, this relates to contact forms. Incoming contact form emails can be intercepted – an SSL certificate protects you against this happening. Aside from this, Google has announced that it will punish any natural listings on websites that do not have an SSL certificate.
Webwax can provide the SSL certificate (and install this) on your website and make the necessary alterations within analytics and set up the required page diverts.
If you do not purchase an SSL certificate then Webwax cannot be held responsible for any potential data breach on your website.
2. Contact Forms
Contact form data is not usually stored on websites. Either you receive contact forms directly or it is delivered and stored in a third party form app such as Wufoo. Wufoo themselves will be compliant with the new GDPR changes.
If you believe that you have personal data on your clients being stored on your website then contact Webwax. We can then check you are compliant with the GDPR. An example of this would be if you have had another web company (away from Webwax) adding any personal data collection plugins.
3. Cookie Policy
The majority of cookies for most of the websites we’ve designed do not collect any personal or sensitive data. That said, if you don’t already have one, EU law states that you must have a cookie policy identifying which cookies are being used and what for.
4. Privacy Policy
Your website will need a privacy policy page, which is easily accessible and informs your website’s viewers/users how data you’re collecting will be stored and used.
The Privacy Policy will also need to inform customers how they can request access to their data and the steps required to withdraw consent for their data to be stored and used.
Webwax can provide a simple generic privacy policy for you and we can add this page to your website for you if you do not wish to do this yourself.
5. Offline Client and Customer Data
If you have old spreadsheets or paperwork with customer data on, then you are responsible for their protection. If a client or customer wants to know what personal data you hold on them, you need to be able to send this to them and also edit or delete these details if you have been requested to do so. This applies to paper files as well as anything electronic. This information has to be provided within 30 days of the initial request.
If your computer gets hacked and someone steals client information, then this is your responsibility, as you should have adequate security in place.
You are also legally obliged to tell any of your clients or customers if someone has accessed their data by hacking etc.
6. Newsletter Services like MailChimp
MailChimp will be ready for the changes required for the GDPR, but the way you use MailChimp lists may need looking at.
The general rule of thumb is that people on your newsletter list need to have volunteered for being on it. Whilst Webwax has always advised this to clients, we also know that some of you have added email addresses to your lists by copying them from your contact forms or old contact databases.
With regard to the future, you shouldn’t do this anymore.
Everyone on your list from now on will have to volunteer themselves to join it (they sign up, get an email to their inbox and confirm to join there).
Does this mean I can’t use my old newsletter list?
This depends.
If you have been using a list for a while when sending out newsletters then those wishing to unsubscribe will probably already have done so. Providing you believe you can prove that newsletters you are sending to your clients and customers are valid and provide useful information for them this should have you covered with the GDPR.
If you have an old list you haven’t used for a year or more and where you have added people manually rather than them subscribing to this, then you shouldn’t use this list.
Proof may be required as to when subscribers joined your list (this information is stored in MailChimp if they have signed up themselves to the list).
This also means that a tick box on a website which, if left unticked, automatically adds people to your list is no longer allowed.
7. Chat boxes
If you have a chat box on your website this may need checking. The larger companies who produce licensed versions should already be preparing for the GDPR but it’s worth checking if your chat box is GDPR compliant.
If in doubt contact Webwax and we can check GDPR compliance for you and advise on whether it needs updating or upgrading.
8. Email passwords
Webwax suggests that you change your email passwords on a regular basis to aid security. If you have a password that is easy to remember then it may be easy to guess.
For example, if you run ABC cleaning company then don’t use a password like abcleaning123. A proper password would be something like D44^^g665Ghhb using numbers, special symbols, and a mix of upper and lower case letters. If you can’t remember this then write it down physically and store it somewhere private.
If you have sensitive data on clients (like bank details, home addresses etc.) in your email transactions, then see if you can store this information somewhere more secure.
Further Reading links:
- Official GDPR website: https://www.eugdpr.org/
- GOV.UK: https://www.gov.uk/government/news/government-to-strengthen-uk-data-protection-law
- Wikipedia: https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
- BBC News: http://www.bbc.co.uk/news/business-40441434
- European Commission: http://ec.europa.eu/justice/smedataprotect/index_en.htm