Helpful guidelines to GDPR on your business’s website.
Disclaimer: This article is not provided as authoritative legal guidance. Gem Internet does not accept any responsibility or liability that might occur directly or indirectly as a consequence of the use, application or reliance on this material.
Here are some helpful guidelines for businesses to follow to help make their website more compliant with the General Data Protection Regulation (GDPR), which becomes enforceable from 25th May 2018. This is not a complete guide to all data protection best practice, but guidance on how a website can be made more compliant.
The General Data Protection Regulation (GDPR)
GDPR exists to make sure that businesses which store a user’s personal data do so in a secure and proper way. It is about looking after the information you, as a business, hold about other people, and how that information is used. Personal data means any information that identifies, or could be used to identify, a living person, so a name, an e-mail address, an IP address or an account username all count.
The questions you need to review:
Start with a data risk assessment that covers not just the data handled by the website but the whole business’s practices. Then address the following questions about your website:
- What data is being captured and held?
- When and where is it captured?
- How long will the data be stored?
- How is it being used?
- Do you have explicit consent from the user to have and use the data?
- Do you display who to contact to find out what data is held about a user and how it is being used? (The Right of Access)
- Do you display the process for a user to ask to have all the data you hold about them permanently removed from your system? (The Right to be Forgotten)
Beyond the website itself, the business should also:
- Have a data breach process (GDPR requires notifying the ICO within 72 hours of becoming aware of a breach unless it is unlikely to result in a risk to individuals, so the process needs to be ready before it is needed)
- Appoint a Data Protection Officer (DPO). A DPO is mandatory only for public authorities and for organisations whose core activities involve large-scale regular monitoring of individuals or large-scale processing of special categories of data, but naming one person responsible for data protection is sensible for any business
- Have a ‘Right to be Forgotten’ process (also known as the Right to Erasure)
- Have privacy-friendly default settings, so that the most protective option is the one a user gets without changing anything
- Improve data encryption and work towards storing user profiles under pseudonyms rather than under directly identifying details
The website GDPR compliance guideline checklist:
As an organisation you need to make sure you are registered with the ICO (Information Commissioner’s Office) as a data controller unless an exemption applies (you may also be a data processor). Go to https://ico.org.uk/for-organisations/ for more information.
The website checklist:
2. Cookie & privacy popup notice
Most websites set cookies, and many of them (analytics, advertising, embedded social widgets) are not strictly necessary for the site to work. Under the UK’s PECR rules, which sit alongside GDPR, non-essential cookies need the user’s consent, so a notice that only explains that users can clear and block cookies in their browser settings is the bare minimum rather than good practice. A better notice states which cookies are set and why, links to your privacy policy, and holds back the non-essential cookies until the user has agreed.
4. SSL certificate
An SSL (strictly, TLS) certificate lets the site serve every page over HTTPS, so that details submitted through any form or field, login credentials and session cookies are encrypted in transit and cannot be read or altered on the way between the browser and your server. Serve the whole site over HTTPS rather than only the pages with forms, and redirect plain HTTP requests to the HTTPS version. This protects data in transit only; what happens to the data once it reaches your server or inbox is a separate question, covered under the enquiry form item below.
5. Pseudonymisation or anonymisation
GDPR defines pseudonymisation as processing personal data so that it can no longer be attributed to a particular person without additional information, with that additional information kept separately and protected. For a website this means the records the site works with day to day should refer to users by a username or a random identifier, with the name, e-mail address and other direct identifiers held apart from them. Pseudonymised data is still personal data and still covered by GDPR; the benefit is that a leak of the working records exposes far less. Anonymisation goes further: the link to the individual is removed irreversibly, and data that is genuinely anonymous falls outside GDPR altogether.
6. Newsletter signups
Make sure the tick box that handles the subscription requires the user to actively opt in; it must not be pre-ticked so that the user has to opt out. Keep a record of when and how each consent was given, because you may have to demonstrate it later, and every e-mail you send out must carry an unsubscribe link.
7. User account creation
If your website is an online shop, or allows a user to set up an account for access to services behind a login area, you will need to ensure that the site is served over HTTPS and start work towards storing account data under pseudonyms, with the directly identifying details kept separately. Passwords should never be stored in plain text or in a reversible form; store only a salted password hash.
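As an added example (not code from the Gem Internet article), the following Python sketch shows the split that items 5 and 7 describe: a working `orders` table that refers to people only by a random pseudonym, and a separate `identities` table holding the name and e-mail address. The table names, the `UserStore` class and the records in `demo()` are all assumptions made for this illustration, and for brevity both tables sit in one in-memory SQLite database; in a real deployment the identities table would live in a separate, more tightly controlled store.

```python
"""Pseudonymised user store: working records carry no direct identifiers.
Added example for this article, not code from Gem Internet. The schema,
the UserStore class and the records in demo() are assumptions."""
import secrets
import sqlite3


def normalise_email(email: str) -> str:
    """Trim and lower-case so one person cannot end up with two identities."""
    return email.strip().lower()


class UserStore:
    """`identities` holds the direct identifiers; `orders` holds only a random
    pseudonym. The identities table is the 'additional information kept
    separately' that GDPR Art. 4(5) describes."""

    def __init__(self) -> None:
        # Assumption: one in-memory database for the illustration only.
        self.db = sqlite3.connect(":memory:")
        self.db.executescript(
            "CREATE TABLE identities (pseudonym TEXT PRIMARY KEY,"
            " email TEXT NOT NULL UNIQUE, name TEXT NOT NULL);"
            "CREATE TABLE orders (pseudonym TEXT NOT NULL, item TEXT NOT NULL,"
            " amount_pence INTEGER NOT NULL);"
        )

    def _pseudonym(self, email: str):
        row = self.db.execute("SELECT pseudonym FROM identities WHERE email = ?",
                              (normalise_email(email),)).fetchone()
        return row[0] if row else None

    def register(self, email: str, name: str) -> str:
        """Return the person's pseudonym, creating one if needed. It is random
        rather than a hash of the e-mail so that, once the identities row is
        deleted, nobody can recompute the link from the address."""
        existing = self._pseudonym(email)
        if existing is not None:
            return existing
        pseudonym = secrets.token_hex(16)
        self.db.execute("INSERT INTO identities VALUES (?, ?, ?)",
                        (pseudonym, normalise_email(email), name))
        return pseudonym

    def record_order(self, email: str, item: str, amount_pence: int) -> None:
        """Working data is written against the pseudonym only."""
        pseudonym = self._pseudonym(email)
        if pseudonym is None:
            raise KeyError("unknown user")
        self.db.execute("INSERT INTO orders VALUES (?, ?, ?)",
                        (pseudonym, item, amount_pence))

    def subject_access(self, email: str):
        """Everything held about one person (an Art. 15 access request), or
        None when nothing links this e-mail to any record."""
        pseudonym = self._pseudonym(email)
        if pseudonym is None:
            return None
        identity = self.db.execute(
            "SELECT email, name FROM identities WHERE pseudonym = ?",
            (pseudonym,)).fetchone()
        orders = self.db.execute(
            "SELECT item, amount_pence FROM orders WHERE pseudonym = ?"
            " ORDER BY rowid", (pseudonym,)).fetchall()
        return {"identity": identity, "orders": orders}

    def erase(self, email: str) -> bool:
        """Right to erasure: drop the identity link. Order rows stay for
        accounting but no longer identify anyone once the link is gone."""
        cur = self.db.execute("DELETE FROM identities WHERE email = ?",
                              (normalise_email(email),))
        return cur.rowcount == 1

    def revenue_total_pence(self) -> int:
        """Aggregate reporting needs no identifiers at all."""
        return self.db.execute(
            "SELECT COALESCE(SUM(amount_pence), 0) FROM orders").fetchone()[0]


def demo() -> dict:
    """Constructed walkthrough: register, order twice, access, erase, re-check."""
    store = UserStore()
    store.register("Alice@Example.com", "Alice Example")
    store.record_order("alice@example.com", "widget", 1999)
    store.record_order("alice@example.com", "gadget", 500)
    before = store.subject_access("alice@example.com")
    erased = store.erase("alice@example.com")
    after = store.subject_access("alice@example.com")
    return {"before": before, "erased": erased, "after": after,
            "revenue": store.revenue_total_pence()}


if __name__ == "__main__":
    print(demo())
```

Deleting the identities row is what makes an erasure request effective for the order rows that remain: with the link gone they cannot be tied back to a person, which is why a random pseudonym is used rather than a hash of the e-mail address that anyone holding the address could recompute. Two caveats apply. Anything in the working records that is itself identifying (a delivery address, a phone number) has to be kept with the identities, not with the orders, and the decision to keep the order rows at all after an erasure request needs its own justification, such as a legal obligation to retain accounting records.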
9. Enquiry & contact form
If your website has an enquiry form for people to send you messages, you need to ensure the following:
- The form is served and submitted over HTTPS
- The submitted details are not stored in the website’s SQL database unless they are stored encrypted, and they are deleted once they are no longer needed
- If they are sent to you by e-mail, your e-mail service provider is acting as a data processor under a contract that meets GDPR requirements, and the e-mail is sent and stored securely
- There are no pre-ticked boxes that automatically sign the enquirer up to a newsletter or mailing list