10 things your business needs to know about GDPR

With the new GDPR rules coming into effect in a few short months, now’s the time to ensure your business collects and uses personal data correctly before it’s too late. But what does it all mean, and more importantly, what do you need to know to make sure you and your customers are protected?

Under the current UK Data Protection Act 1998, all businesses are allowed to collect personal customer information including, but not limited to, postal addresses, telephone numbers, and email addresses. That information can then be stored, collated, and used to create mailing lists which, in turn, are used for business marketing purposes to consumers.

But with the EU’s new General Data Protection Regulation (GDPR) coming in, the way businesses are allowed to collect and use that information will change, and that will mean big changes in the way your business markets itself to customers.


So what is GDPR in a nutshell?

GDPR is a set of updated official rules and regulations that follow on from the current, outdated Data Protection Act, with far more emphasis on digital data. Once implemented, it gives consumers more of a say in how businesses use their personal data.

The new GDPR rules will be virtually identical across the whole of the EU, and will apply to all businesses based in, and/or trading in, the EU. Every business will have to comply with GDPR if it wants to start, or continue, collecting data and information from customers anywhere in the EU. GDPR will also be much stricter than current data laws, with any business that doesn’t comply facing big fines. So how do you make sure your business is covered? Here are the 10 things about GDPR you need to know.


10 things your business needs to know about GDPR

  1. The new GDPR rules start on May 25th 2018. You have until then to make sure your business is fully compliant.
  2. Failure to comply could result in fines of up to €20m or 4% of your global annual turnover.
  3. Personal data isn’t just names and addresses anymore. It covers far more digital data, such as email addresses, bank details, social media information, IP addresses, and even photos.
  4. If your business suffers a breach of personal data covered by the new GDPR rules, you must report it to the Information Commissioner’s Office (ICO) within 72 hours, and notify all parties who are affected.
  5. You must implement a double opt-in process, whereby consumers tick a box to say they want to receive marketing information from you, then confirm this action via email.
  6. You must keep full records of all the data you’ve collected and your reasons for doing so. More detailed information about this will also need to be given to consumers.
  7. Consumers will have the ‘right to be forgotten’. This means that, upon request, you must completely erase all their data, including copies held by any affiliate businesses or organisations.
  8. Businesses will no longer be allowed to charge consumers who request access to their data. You must also comply with their request within 40 days.
  9. You’ll need to appoint a Data Protection Officer if your business undertakes data monitoring on a large scale, processes large amounts of personal data of a sensitive nature, or comes under a public authority.
  10. GDPR applies to the UK before, during, and after the UK’s withdrawal from the EU.

How will GDPR affect your website?

Many, and hopefully all, business websites currently have their privacy and cookie policies readily available and accessible online. However, as both of these policies pertain to the use of personal data, they’ll need to be amended and added to in order to comply with GDPR.

Your website’s privacy policy should be written in clear and plain language, without jargon, and with as few technical terms as possible. Its aim should be to keep information clear, concise and transparent, so that it can be understood by anyone, without any grey areas.

Though there are more detailed inclusions for your privacy policy, the objective is to make your site visitors aware of, and better informed about, exactly how their data will be stored and used.


On-site cookies

Your cookie policy will also be affected by GDPR. Cookies store information about users, such as names and login details, and provide you with information on their browsing habits. They therefore fall within the remit of personal data under GDPR.

Back in 2012, it became law that every website using cookies had to make every site visitor aware of the fact, and gain their permission, typically through a pop-up window stating ‘by using this site you accept cookies’. Under the new GDPR rules, this is no longer enough. Much like the privacy policy, you will need to state how the cookie information will be stored and used, while also giving a clear ‘opt-out’ option.

Put simply, any visitor to your site must be able to fully understand how their personal data will be collected, stored, and used. Doing so fulfils the main objective of GDPR, which is to make it just as easy for a user to withdraw their consent as it is to give it.


Your next steps

Many points in our list of 10, as well as the changes to cookie and privacy policies, might appear daunting, and may seem to make it more difficult for you to communicate with your customers. But in the long term, it will be much easier for both you and consumers to monitor the way in which data is processed and used.

While compliance will probably mean a short-term investment of time, people and money now, you’ll be fully prepared and ready when GDPR becomes law in May.

If you have any questions about GDPR compliance and your website, feel free to get in touch with the team at Priority Pixels – email us at hello@prioritypixels.co.uk
