The Countdown has Begun
You’re probably sick of receiving emails about GDPR compliance; opt in to this, opt out of that etc.
However, there is a very, very good reason why all these companies are sending you emails right now – they don’t want to get prosecuted after May 25th for not complying with the law. And the fines can be heavy – very heavy.
If you have a data breach, apart from having to pay the fines imposed, you are also required by law to contact all of your clients and inform them of your data breach, what information may have been stolen and the processes that you are putting in place to recover & protect their data in the future. Imagine what impact that could have on your business!
When it comes to your website, if it is an e-commerce site, or it has newsletter signups, online contact forms or any other application that requires a visitor to send personal data to you, then your site must employ encryption during transmission in order to prevent possible data theft.
Pretty much every website has at least a contact form, and therefore these sites must protect the data they gather. The easiest way to do this is through the use of an SSL certificate.
These need to be purchased from SSL vendors, usually renewed annually and must be installed on your website via your hosting account.
Once in place, your website address will change from http://www.yourdomain.com to https://www.yourdomain.com. Some browsers do not display the http:// or https:// part of web addresses, so you may have been unaware of this in the past. However, alongside the GDPR changes, many browsers have also been updated to show the visitor whether a site is secure and is taking measures to protect their data.
When visiting a secure, encrypted site, visitors will see something like this in the browser window:
However, visiting an insecure site, which is not using encryption, the visitor will see something like this:
Seeing “Not secure” slapped on your website isn’t exactly confidence inspiring for your visitors, is it?
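A practical way to confirm that a site collecting personal data really does enforce encryption in transit is to check four things: that plain http:// requests are redirected to https://, that the HTTPS response sets a Strict-Transport-Security header, that the certificate is valid and not about to lapse, and that no form on the page posts back over plain HTTP. The script below is an added example written for this article, not code from the original page or from any vendor; `evaluate_transport` works purely on facts you pass in (so it runs offline on the constructed sample sites at the bottom), while `collect_facts` gathers those facts from a live site using only the Python standard library. The 14-day expiry warning and the example.com hostnames are assumptions.

```python
"""Check whether a website enforces HTTPS for pages that collect personal data.

Added example: evaluate_transport() turns the facts a quick HTTPS audit
collects into readable findings; collect_facts() fetches those facts from a
live site. The sample inputs at the bottom are constructed, not real sites.
"""
from datetime import datetime, timezone, timedelta
from typing import Dict, List, Optional
from urllib.parse import urlsplit, urljoin

EXPIRY_WARNING = timedelta(days=14)  # assumed notice period before renewal


def evaluate_transport(page_url: str, http_status: Optional[int],
                       http_headers: Dict[str, str], https_headers: Dict[str, str],
                       cert_not_after: Optional[datetime], form_actions: List[str],
                       now: Optional[datetime] = None) -> List[str]:
    """Return findings for the https:// page at page_url; [] means all checks passed.

    http_status/http_headers come from the plain http:// probe (None = port 80 closed),
    https_headers and cert_not_after from the https:// connection, and
    form_actions are the action="..." values of forms found on the page.
    """
    now = now or datetime.now(timezone.utc)
    findings: List[str] = []
    h_http = {k.lower(): v for k, v in http_headers.items()}
    h_https = {k.lower(): v for k, v in https_headers.items()}

    # 1. Plain HTTP must redirect to HTTPS rather than serve the page itself.
    if http_status is None:
        pass  # nothing listens on port 80, so there is nothing to downgrade to
    elif http_status in (301, 302, 307, 308):
        location = h_http.get("location")
        if not location or urlsplit(urljoin(page_url, location)).scheme != "https":
            findings.append("http:// redirect does not lead to https://")
    else:
        findings.append(f"http:// version is served directly (status {http_status})")

    # 2. HSTS tells returning browsers never to try plain HTTP again.
    if "strict-transport-security" not in h_https:
        findings.append("Strict-Transport-Security header missing")

    # 3. Certificates are usually renewed annually; catch an expired or lapsing one.
    if cert_not_after is None:
        findings.append("no certificate presented")
    elif cert_not_after <= now:
        findings.append("certificate has expired")
    elif cert_not_after - now < EXPIRY_WARNING:
        findings.append(f"certificate expires within {EXPIRY_WARNING.days} days")

    # 4. A form on an HTTPS page must not post personal data over plain HTTP.
    for action in form_actions:
        if urlsplit(urljoin(page_url, action)).scheme == "http":
            findings.append(f"form posts over http://: {action}")
    return findings


def collect_facts(page_url: str, timeout: float = 10.0):
    """Gather evaluate_transport's inputs from a live site (needs network access).

    Returns (http_status, http_headers, https_headers, cert_not_after); form
    actions still need an HTML parse of the page body, left to the caller.
    """
    import http.client
    import ssl
    parts = urlsplit(page_url)
    host, path = parts.hostname, parts.path or "/"
    http_status, http_headers = None, {}
    try:
        conn = http.client.HTTPConnection(host, 80, timeout=timeout)
        conn.request("GET", path)
        resp = conn.getresponse()  # deliberately not following redirects
        http_status, http_headers = resp.status, dict(resp.getheaders())
        conn.close()
    except OSError:
        pass  # port 80 closed or unreachable
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    conn = http.client.HTTPSConnection(host, 443, timeout=timeout, context=ctx)
    conn.request("GET", path)
    resp = conn.getresponse()
    https_headers = dict(resp.getheaders())
    cert = conn.sock.getpeercert()
    not_after = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    conn.close()
    return http_status, http_headers, https_headers, not_after


# Constructed sample data (assumed example.com sites, not real measurements).
SAMPLE_NOW = datetime(2018, 5, 1, tzinfo=timezone.utc)


def sample_results():
    """Evaluate one well-configured and one badly-configured constructed site."""
    good = evaluate_transport("https://www.example.com/contact", 301,
                              {"Location": "https://www.example.com/contact"},
                              {"Strict-Transport-Security": "max-age=31536000"},
                              SAMPLE_NOW + timedelta(days=200), ["/submit"], now=SAMPLE_NOW)
    bad = evaluate_transport("https://www.example.com/contact", 200, {}, {},
                             SAMPLE_NOW - timedelta(days=1),
                             ["http://www.example.com/submit", "/ok"], now=SAMPLE_NOW)
    return good, bad


if __name__ == "__main__":
    for label, findings in zip(("good site", "bad site"), sample_results()):
        print(label, "->", findings or ["all checks passed"])
```

Run it as-is to see the two constructed sites evaluated; for a real audit, pass the tuple returned by `collect_facts("https://www.yourdomain.com/contact")` plus the form actions from the page into `evaluate_transport`. The redirect probe deliberately does not follow redirects, because the point is to see where the first hop goes, and the HTTPS probe uses `ssl.create_default_context()` so an invalid or mismatched certificate fails loudly instead of being silently accepted.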
It’s not just your website you need to protect, but also any data that you hold. You probably have lots of personal data stored in various places around the business.
- Do you have a good understanding, and documented record of the data you hold?
- Do you need to either gain or refresh consent for the data you hold?
- Do you have a defined policy for how long you retain personal data, so you don’t retain it unnecessarily, and ensure it’s kept up to date?
- Is your data being held securely, keeping in mind both technology and the human factors in data security?
- Whether you are a data controller or data processor or both, do you have the correct legal arrangements in place?
If you do not have this in place on your website by 25th May, when the new legislation comes into force, and you experience a data breach, you may be prosecuted.
If you are unsure as to how GDPR affects your website, please do not hesitate to contact us.