The new General Data Protection Regulation (GDPR) is an evolution of the EU’s existing data rules, the Data Protection Directive (DPD). It addresses many of the shortcomings in the DPD, adding requirements for documenting IT procedures, performing risk assessments under certain conditions, notifying the consumer and authorities when there is a breach, as well as strengthening rules for data minimisation.
GDPR is the EU General Data Protection Regulation which came into effect from the 25th of May 2018. If your business uses email marketing, has a newsletter, comment box, contact forms, sends direct mail or makes sales calls then you really need to think about what data you are collecting. Also if you use common tracking tools such as Google Analytics or Facebook Pixel then you need to inform visitors to your website that you are using these tools.
The law states that if someone has given consent for you to collect data, such as newsletter sign ups and contact forms etc. Then you need to record when they gave you permission and you need to keep a log of what they were shown, when they opted in.
Are you aware of the data your website is collecting?
Visitors must have the choice
You need to explicitly gain permission to send someone email marketing or to track their data. The user must opt in. Website contact forms, newsletter registration forms, comment boxes & checkout pages will need to have tick boxes for users to confirm they agree to opt in.
We can help add tick boxes to your website forms and make sure your users are complying with GDPR, contact us to help add this to your website.
You will need to record when visitors gave you permission and you need to log exactly what they were shown when opting in. It is a good idea to assign an individual who is in charge of information gathered and you must keep a record. People have the right to tell you to stop marketing them and you must make this option clear in all of your communications. These are just some of the ways in which GDPR can affect you and your business:
• The “right to be forgotten”: When an individual no longer wants her/his data to be processed, and if there are no legitimate grounds for retaining it, the data will be deleted.
• Easier access to one’s data: In the new GDPR guidelines, individuals will have more information on how their data is processed and this information should be available in a clear and understandable way. A right to data portability will make it easier for individuals to transmit personal data between service providers.
• The right to know when one’s data has been hacked: Companies and organisations must notify the national supervisory authority of data breaches which put individuals at risk and communicate to the data subject all high-risk breaches as soon as possible so that users can take appropriate measures.
• Data protection by design and by default: ‘Data protection by design’ and ‘Data protection by default’ are now essential elements in EU data protection rules. The GDPR guidelines state that data protection safeguards will be built into products and services from the earliest stage of development, and privacy-friendly default settings will be the norm.
• Stronger enforcement of the rules: data protection authorities will be able to fine companies who do not comply with EU rules up to 4% of their global annual turnover.
• Data transfers outside the EU: currently the DPD applies to all EU countries as well as Norway, Iceland and Liechtenstein. With new General Data Protection Regulation, any country processing or interacting with the personal data of an EU citizen will have to comply with the data protection laws.
The law was implemented in Ireland in July 2011 a website cookie notice should pop up before you start browsing a website. Otherwise, they would have violated the law and could be subjected to legal prosecution.
The Best for you and your business
If you are unsure of your legal requirements and what information your websites collect then you need to speak to us today about a General Data Protection Regulation audit and update.