Is your personal website or blog ready for GDPR?

The EU General Data Protection Regulation (GDPR) is the biggest change in data privacy for 20 years. However, GDPR does not just affect businesses, organisations and charities. It will most likely also require changes to your own personal website or blog. Is your personal website or blog ready for GDPR?

What is GDPR?

Currently the UK uses the Data Protection Act 1998 to govern people’s personal data. However, a lot has changed since 1998: just think how much is done online now compared to 20 years ago. GDPR supersedes the Data Protection Act 1998. It introduces much tighter regulations around the storage and use of identifiable personal data. It also brings with it much tougher fines for non-compliance and data breaches. It is also designed to make data protection regulations almost identical across the whole of the EU.

Do I need to worry about GDPR with the UK leaving the EU?

Yes. Despite the UK announcing its departure from the EU, GDPR will apply to all EU member states from 25th May 2018, whilst the UK is still a member state of the EU. It is also most likely that the entire GDPR will be brought into UK legislation after the UK has exited the EU, and will therefore still apply.

What does this mean for me?

GDPR is rather complex, and I strongly recommend that you at the very least read the ICO’s recommendations on GDPR, which can be found on https://ico.org.uk. In summary, if you collect, hold or use any personal data on your website, including tracking cookies, or collect any other identifiable information, you will be affected by GDPR.

What steps do I need to take?

    1. Ensure your website has an adequate Privacy Policy. This should set out what information you collect, cookie information, how you use and store personal data and what steps you take to keep personal data safe. Your Privacy Policy should also remind users of their rights, such as their right to be forgotten.
    2. If you allow users to sign up/register to your website, you must make it clear what they are signing up to.
      As part of the signup process, you must make the user view and sign to confirm the terms of signup.
      Include a checkbox which specifically asks the user for their consent to you storing and using their personal data. If you share any information with any third parties, you must make the user aware and request their permission at sign up.
    3. If you allow visitors to comment on your posts/pages, you must also make them aware of, and get their consent to, you storing the personal information they have entered. The same applies if you also offer a forum or message board. You must also make them aware of how you will use their data and make them confirm their acceptance of this by checking a checkbox.
    4. If you sell items on your website, as well as the website’s ‘Privacy Policy and Terms Checkbox’ you must display a second checkbox. This must ask the user if they consent to you storing the additional identifiable information, such as their shipping address.
    5. If you offer a live chat service and store users’ personal information and messages, you must get their consent to do so. It is also best practice to make them aware of how long you store their messages for, e.g. 24 hours.

All checkboxes must be unchecked by default!

What is ‘The Right to be forgotten’?

If you retain or collect any identifiable information, you must have a ‘Right to be forgotten’ policy in place. This means that a user can contact you at any time and ask that you remove all of the information that you store on them. This covers all personal data and their IP address, and you must also ensure it is removed by all third parties (if any) that you have passed their information to. You must provide this service for free.

SSL Encryption

If your website does not already utilise SSL encryption, I would also recommend that you implement this as soon as possible. It will not only help make your website more secure, but also make it more trusted. Google also includes SSL certificate checks as part of its ranking algorithm.

Disclaimer

I am not a legal professional but an IT Professional. I have written this post based on my understanding of GDPR. I strongly recommend that you visit https://ico.org.uk for further information, or contact a professional if in any doubt.

 

James Harding
