IMPORTANT: Non-compliance with GDPR MAY result in a fine of 4% of annual turnover
Huge changes are happening right now that affect your website AND your business.
The main points of this 100-page legislation (full details are available at the GDPR portal) are outlined here:
- Consent – Everyone whose data you collect must consent to you doing so. This doesn’t just apply to data gathered via forms but also to data picked up in the background such as IP addresses, if it’s used to identify an individual. And you must be transparent on how their data is processed and used.
- The Right to Access – Individuals will have the right to access their data.
- The Right to Be Forgotten – An individual will have the right to have their data erased.
- Mad Cat Marketing – Integrate the strategies necessary to protect customers' personal data thoroughly across all aspects of your business.
Because your website is displayed in the EU and collects data from European citizens, you must comply with these new standards. These are good practices to have in place whether the EU regulated them or not. They require us to keep our customers' data private if they so desire. They also require you to promptly inform the European Information Commissioner of all data lost if a data breach occurs.
If you do not follow these new GDPR regulations, you could be liable for the data that is lost and subject to a fine of 2 to 4% of your total gross revenue or up to 20 million Euros.
What Is Required of Mad Cat Marketing
We maintain your website. We consistently update your WordPress core and maintain up-to-date versions of all active plugins. We already provide multiple security measures to ensure the safety of customer information on every site that we build and host.
Your website already has a valid SSL certificate, renewed every 3 months, which protects customer data with strong encryption while it is in transit from their browser to our database.
Conglomerate companies with MILLIONS of dollars' worth of security still get breached, e.g. Equifax, eBay, Yahoo, Target, and Adobe, to name a few. So, while a site is never 100% secure (and the actual value of some of the data is arguable: names, addresses, and email addresses), we consistently follow best security practice: strong passwords on our servers with SiteGround, on all our WordPress website admin logins and on our business devices (where all data is stored; we keep no paper copies), and we use the free version of Wordfence as standard. However, should there be a security breach of our servers or of your website, we will endeavour to alert you as soon as possible.
Part of GDPR compliance is offering transparency about data processing. For my part, I will endeavour to provide you with as much detail as possible on which organisations potentially have access to the user data collected by your website (such as the server provider, theme provider, any relevant plugins and Mad Cat Marketing).
If you would like us to make your website as GDPR compliant as possible, we will have to audit your site, as each business is unique and compliance updates will vary from site to site.
What is Required of You
A Checklist To Get Started
☐ Determine what personal information you have, where it came from, and who you share it with.
☐ Implement a plan for how you will delete personal data, enable updating, or provide it in a commonly used format upon request.
☐ Ensure that you obtain and record consent for every collection and use of personal data. You can no longer use pre-ticked boxes to opt in or default to acceptance of policies.
☐ Update all forms with statements as to why you are collecting the data and how you will use it.
☐ If you send email marketing, include information on why you're emailing them and how you got their data. Double opt-in must be used to ensure you have informed consent for all emails.
☐ Plan for and document how you will detect, respond to, and report a personal data breach.
☐ Familiarise yourself with data protection by design practices and work out how to implement these principles for your site.
☐ For eCommerce websites: if you will be using data you obtain in the sales process for other purposes, such as emailing recommendations or special offers, state this when collecting the data and give people the option to opt out.
☐ For eCommerce websites: if possible, avoid collecting financial data yourself and use a third-party service such as Stripe or PayPal to take payments.
☐ For eCommerce websites: maintain an easily accessed 'My Account' page on your website where people can access and delete their data if they desire.
I would like to summarise by saying that I am not a lawyer nor a GDPR compliance expert. To be 100% sure that you are compliant, I recommend having your site audited by a security professional and/or a lawyer if you are concerned in any way about liability under GDPR and security compliance regulations. We do our best to make everything we do GDPR compliant and secure, but you should always get outside legal counsel. We shall not be held accountable for anything that isn't compliant with government regulations or privacy law.
I know none of us got into the online industry or our online businesses because we wanted to deal with data legislation, but we cannot bury our heads in the sand over something this important. The regulation was made over 2 years ago and goes into effect on Friday 25th May, so compliance measures must be taken as soon as you can to avoid the harsh penalties of the EU.
Lastly, DON'T PANIC! A lot of businesses aren't yet ready for the compliance requirements on May 25th. From what I read, if you are taking steps to get to 100% compliance, the EU will be forgiving. But if you do not have security measures in place, please take the time to consider the safety of your visitors' and customers' data.
Please do not hesitate to call or email with any questions you may have.
All the very best to you all.
Mad Cat Marketing
M: 07966 349612