Headline news just out has highlighted that more than half of UK businesses are still unaware of the GDPR regulations. The study, by compliance solution PORT.im, also revealed that only 27 percent of businesses believe GDPR applies to them, despite 73 percent saying that they collect personal data on their customers - a strong indication that GDPR certainly does apply.
Let us explain exactly what GDPR is and how it will affect your business
The General Data Protection Regulation (GDPR) is a new EU regulation that comes into force on 25th May 2018, aimed at strengthening data protection for EU citizens and residents both within the EU and the wider world. In a nutshell, it tells businesses and organisations: “If you want to offer your services or products to customers who are EU citizens, you must make sure you look after their personal data or face the consequences!”
So, what are those consequences?
The maximum sanction for non-compliance with the GDPR is a staggering 20,000,000 Euros or up to 4% of your annual worldwide turnover, based on figures from the preceding financial year, whichever is the greater. Wow, GDPR really is just too big and too serious to ignore.
You may ask whether we still have to comply given that we’re leaving the EU. The answer is yes! Firstly, when the GDPR comes into effect, we will still be a part of the EU and secondly, the UK will adopt all EU legislation immediately after Brexit. There’s just no escaping it.
How it will affect your business
Anyone who collects and processes personal data (defined by the GDPR as a Data Controller) will be required to comply with the new regulations to a certain degree. As well as organisations with websites or apps, this also includes any organisations who use internal databases, CRMs or even just email.
If you have forms on your website that collect names, email addresses, phone numbers, postal addresses etc., then GDPR will affect that form. If you are using any email marketing, CRM system or any other system to pass on information submitted from a form, it is affected. Any forms dealing with commerce of any type (shopping carts, order forms, payment gateways) will be affected. In essence, any personally identifiable information collected via your website will be subject to GDPR compliance.
How do you make sure your website is GDPR compliant?
The first place to start is with a review of your website and this is where Bespoke 4 Business can help by reviewing and updating the following two key areas:
Update your Website Forms
A big part of GDPR is the requirement to gain consent from users to process their personal data, and the data must only be used for the purposes for which consent has been given. For example, if someone contacts you through your website with an enquiry, that does not give you permission to add them to your email marketing list. We can update your contact forms, call-back requests and newsletter sign-ups to include a consent / opt-in statement that requests their permission to be contacted for marketing purposes, and so make them comply with GDPR. The rules have changed from giving users the choice to opt out to requiring them to explicitly opt in.
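As an added illustration of the explicit opt-in and purpose-limitation points above (example code, not Bespoke 4 Business’s own; the field names, consent wording and sample submissions are assumptions), this shows a server-side handler that only treats an affirmative checkbox value as consent, records what was agreed to and when, and keeps an enquiry separate from permission to market:

```javascript
// Added example (not Bespoke 4 Business's code): server-side handling of a
// website enquiry form under GDPR's explicit opt-in and purpose-limitation rules.
// Field names, the consent wording and the sample submissions are constructed.

const MARKETING_CONSENT_TEXT_V1 =
  "I agree to receive marketing emails from Example Ltd about its products.";

// Only an explicit, affirmative value counts as opt-in. A missing field, an
// empty string or a pre-filled default must never be read as consent.
function isExplicitOptIn(value) {
  return value === true || value === "on" || value === "yes";
}

// Build a consent record scoped to one purpose that evidences what the user
// agreed to and when. Returns null if no valid consent was given.
function recordConsent(submission, purpose, wording, now = new Date()) {
  if (!isExplicitOptIn(submission.marketing_opt_in)) return null;
  return {
    email: submission.email,
    purpose,                 // e.g. "marketing", never "everything"
    wording,                 // the exact statement shown to the user
    givenAt: now.toISOString(),
    source: "website-contact-form",
  };
}

// Decide what the organisation may do with a submission. An enquiry permits
// answering that enquiry; adding the person to a marketing list requires a
// separate, explicit opt-in for that purpose.
function processSubmission(submission) {
  const actions = { answerEnquiry: true, addToMarketingList: false };
  const consent = recordConsent(submission, "marketing", MARKETING_CONSENT_TEXT_V1);
  if (consent) actions.addToMarketingList = true;
  return { actions, consent };
}

// Gate for any later use of stored data: the purpose must match the consent given.
function mayUseFor(consentRecord, purpose) {
  return consentRecord !== null && consentRecord.purpose === purpose;
}

// Constructed sample submissions: one plain enquiry, one with the box ticked.
const enquiryOnly = { email: "a@example.com", message: "Do you open Sundays?" };
const enquiryWithOptIn = { ...enquiryOnly, marketing_opt_in: "on" };
```

The consent record (wording version, purpose, timestamp, source) is what you would need to produce if a user or regulator later asks on what basis they were emailed.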
What will it cost?
Once you’ve decided to go ahead with the updates to make your website GDPR compliant, we will review your website and provide you with a tailored quotation. This will depend on the number of contact forms you have on your site and their complexity. The charge will be a very small fraction of what you could be faced with for non-compliance!
As a reminder
You have until 25 May 2018 to become compliant with the GDPR, at which time those organisations that are in non-compliance will run the risk of heavy fines that could ultimately ruin your business. Those few months will soon rush past, so it’s advisable to take action now. We obviously cannot force you to make the changes to your website and forms; it is ultimately your responsibility. All we can do is advise you on what needs to be done and provide you with a way of making your website and form processes fully comply with the GDPR.