IMPORTANT: Non-compliance with GDPR MAY result in a fine of 4% of annual turnover

 

Huge changes are happening right now that affect your website AND your business. 

The European Union (EU) has put together a set of compliance standards for user data called the General Data Protection Regulation, or GDPR. The primary aim of GDPR is to give European residents control over their data. The GDPR holds every business accountable for making security arrangements, updating security settings, offering data portability, updating its terms and conditions and privacy policy, and securing every part of the business that holds personal customer data. Non-compliance could trigger a fine of up to 4% of your annual turnover.

The main points of this 100-page legislation (the full details are available at the GDPR portal) are outlined here:

  1. Consent – Everyone whose data you collect must consent to you doing so. This doesn’t just apply to data gathered via forms but also to data picked up in the background, such as IP addresses, if it’s used to identify an individual. You must also be transparent about how their data is processed and used.
  2. The Right to Access – Individuals will have the right to access their data.
  3. The Right to Be Forgotten – An individual will have the right to have their data erased.
  4. Mad Cat Marketing – Integrate the strategies necessary to protect customers’ personal information thoroughly across all aspects of your business.

Because your website displays in the EU and collects data from European citizens, you must comply with these new standards. These are good practices to have in place whether the EU regulated them or not. These standards require us to keep our customers’ data private if they desire. They also require you to promptly provide the European Information Commissioner with details of all data lost if a data breach occurs.

If you do not follow these new GDPR regulations, you could be liable for the data that is lost and subject to a fine of 2 to 4% of your total gross revenue or up to 20 million Euros.

 

What Is Required of Mad Cat Marketing

We maintain your website. We consistently update your WordPress core and keep all active plugins on up-to-date versions. We already provide multiple security measures to ensure the safety of customer information on every site that we build and host.

Your website will already have a valid SSL certificate, renewed every 3 months, which protects customer data with strong encryption while it is in transit from the visitor’s browser to our database.

Conglomerate companies with MILLIONS of dollars’ worth of security still get breached: Equifax, eBay, Yahoo, Target, and Adobe, to name a few. So, while a site is never 100% secure (and the actual value of some of the data is arguable: names, addresses, and email addresses), we consistently follow best security practice with strong passwords on our servers with SiteGround, on all our WordPress website admin logins and on our business devices (where all data is stored; we keep no paper copies), and we use the free version of Wordfence as standard. However, should there be a security breach on our servers or on your website, we will endeavour to alert you as soon as possible.

Part of GDPR compliance is offering transparency about data processing. For my part, I will endeavour to provide you with as much detail as possible on which organisations potentially have access to the user data collected by your website (such as the server provider, the theme provider, any relevant plugins and Mad Cat Marketing).

If you would like us to make your website as GDPR compliant as possible, we will have to audit your site, as each business is unique and compliance updates will vary from site to site.

 

What is Required of You

It is your responsibility, as the owner of your site, to ensure your site is GDPR compliant. Of course, I will assist you in any way I can to make your website compliant, but unfortunately, due to the time involved, I am unable to offer this service free of charge. All updates made to any website (forms, privacy policies, etc.) for GDPR compliance will be charged at a one-off charge of £12.50 per website. You will also need to write a Privacy Policy; I will add to it the parts that relate to data travelling through the website and add it to your website. If you do not want me to undertake a website audit, I will still add (free of charge) a ‘partial’ Privacy Policy to your website, covering the website side of data storage and any processing.

 

A Checklist To Get Started

☐ Determine what personal information you have, where it came from, and who you share it with

☐ Review and update your Privacy Policy to adhere to new GDPR regulations (see below for important info to include in your privacy policy)

☐ Implement a plan for how you will delete personal data, enable updating, or provide it in a commonly used format upon request.

☐ Ensure that you obtain and record consent for every collection and use of personal data. You can no longer use pre-ticked boxes to opt in or default to acceptance of policies.

☐ Update all forms with statements as to why you are collecting the data and how you will use it.

☐ If you send email marketing, include information on why you’re emailing them and how you got their data. Double opt-ins must be in place to ensure you have informed consent for all emails.

☐ Plan for and document how you will detect, respond to, and report a personal data breach.

☐ Familiarise yourself with data protection by design practices and work out how to implement these principles for your site.

☐ For eCommerce websites: if you will be using data you obtain in the sales process for other purposes, such as emailing recommendations or special offers, state this when collecting the data and give people the option to opt out.

☐ For eCommerce websites: if possible, avoid collecting financial data yourself and use a third-party service such as Stripe or PayPal to take payments.

☐ For eCommerce websites: maintain an easily accessed ‘My Account’ page on your website where people can access and delete their data if they desire.

 

Important Information to Include in Your Privacy Policy

You must include a privacy policy on your website with details of the data you process and hold, what you do with it, whether you share it, how people can access their data and how they can delete it or have it deleted. (I cannot write a privacy policy or terms and conditions for your company. I do not know how you handle your clients’ information outside of the website we built for you. But the GDPR applies to your non-website data as well. Be sure to stay compliant on all platforms where sensitive or personal customer data may be held.)

Your privacy policy MUST state what happens in the event of a breach. This does not just apply to your website. What happens if someone hacks your business computer? What if someone steals your customer information from your accounting software?

I would like to summarise by saying that I am not a lawyer nor a GDPR compliance expert. To be 100% sure that you are compliant, I recommend having your site audited by a security professional and/or a lawyer if you are concerned in any way about liability under GDPR and security compliance regulations. We do our best to make everything we do GDPR compliant and secure, but you should always get outside legal counsel. We shall not be held accountable for anything that isn’t compliant with government regulations or privacy law.

I know none of us got into the online industry or our online businesses because we wanted to deal with data legislation, but we cannot bury our heads in the sand over something this important. The regulation was made over 2 years ago and it goes into effect on Friday 25th May, so compliance measures must be put in place as soon as you can to avoid the harsh penalties of the EU.

Lastly, DON’T PANIC! A lot of businesses aren’t yet ready for the compliance requirements on May 25th. From what I read, if you are taking steps to get to 100% compliance, the EU will be forgiving. But if you do not have security measures in place, please take the time to consider the safety of your visitors’ and customers’ data.

Please do not hesitate to call or email with any questions you may have.

All the very best to you all.

Cathy Rowson

Mad Cat Marketing
M: 07966 349612