After four years of preparation the GDPR regulation was finally approved by the EU Parliament The Enforcement date is: 25 May 2018.
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.
A regulation is a binding legislative act. It must be applied in its entirety across the EU, while a directive is a legislative act that sets out a goal that all EU countries must achieve.
This regulation includes any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
The GDPR leaves much to interpretation but says that companies must provide a “reasonable” level of protection for personal data, but does not define what constitutes “reasonable.”
If you process data about individuals in the context of selling goods or services to citizens in other EU countries then you will need to comply with the GDPR, irrespective as to whether or not the UK retains the GDPR post-Brexit.
What is the GDPR
The GDPR includes the following rights for individuals:
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making including profiling.
What does this mean for our customers
In general terms, there are three main categories that you and your website could be held to account
- Personal data held on your website – if your website has any forms for contacting your business, applying for a service, or completing an online transaction then there’s a good chance you will need to act
- Analytical data – this is data that is collected for use in marketing and improvements. All of the websites that we maintain for our customers have this included. This enables us to make recommendations to you on how to improve the online presence of your site.
- Data collected by the web hosts. All of our web hosts collect logs of which ip addresses have visited your site, along with any errors encountered by the server. This is essential in order for us to investigate when there is a site outtage, as it helps us to find the cause. All web hosts have already got GDPR plans in place.
What do I need to do
If you’re worried that your site may not be GDPR compliant, contact us and we will create a report of what data your site holds, and make recommendations as to where you need to make improvements in security and other amendments to meet the regulation.