Web Designer Southampton

GDPR - Compliance

Is your business ready for GDPR?

GDPR is coming on 25th May 2018, and you need to make sure your business is ready. Below is an excerpt from our latest blog post to help you understand more about GDPR; you can read the full article here.

Why You Need to Care About GDPR

Every time you collect an email address, a name, home address or phone number, you are obtaining someone’s personal data. If any of those people are citizens of the European Union, you must adhere to the new rules. 

The GDPR was developed to modernise the current EU data protection laws with a stronger focus on an individual’s rights and privacy. While some of the legislation is stricter and the penalties for non-compliance are tougher, the ultimate goal is to improve trust in the digital ecosystem.

To that end, EU citizens will have several new rights to help them take more control of their own data. Here are the most important user rights:

  • Right to be forgotten gives someone the power to ask a company to delete ALL of the data that is associated with that person. This requires you to provide more than an unsubscribe button. If a user makes a request, you must delete all the data stored in your databases and anything else associated with the user.
  • Right of access allows your subscribers to ask exactly how you are using their data and for what purposes. If a request is made, you’ll need to provide a personal data report at no cost to them.
  • Breach Notification is mandatory under the GDPR, which means you have 72 hours from becoming aware of the breach to notify customers.
  • Right of portability lets people request their data, which means you would need to download a file of all their data in a ‘commonly used and machine-readable format’.

It will no longer be allowed to auto opt someone into your newsletter or email database; they need to specifically tick a box or give some other form of consent for this.

Now that each individual has the power to request or delete their data, you need to think about what data you really need and what data you can live without. The more data you collect, the more documentation and management are required to quickly address a data request.

If you prefer to collect a lot of customer data for your marketing initiatives, it’s important to note that the GDPR definition of personal data is far-reaching and includes things like behavioural data, IP addresses, and biometric and financial data, to name a few. Basically, anything linked to the individual is personal data.