GDPR COMPLIANCE FOR SMALL BUSINESS WEBSITES
GDPR is coming: if you haven’t heard about it, or haven’t been bombarded with emails seeking consent to send you more emails, then you have probably been living under a rock for the last few months! I would like to point out that this is intended as a guide for small businesses on how to get their WordPress websites GDPR compliant. This should not be taken as legal advice, and we would recommend that you speak with a solicitor/lawyer in order to check your business processes and website for compliance.
What is GDPR?
GDPR stands for General Data Protection Regulation. It is a new data protection law in the EU, which comes into force at the end of May 2018. The aim is to protect the data and the rights of EU citizens, and it will apply to any business, anywhere in the world, that holds information about or sells to anybody within the EU. Unfortunately this means that Brexit, regardless of the form it takes, will not have an effect, and all UK businesses will have to be compliant. The risk of non-compliance is quite a scary one: failure will result in a 20 million Euro fine or 4% of your worldwide turnover, whichever is higher, which would be paid to our good friends in Brussels.
In short, GDPR is replacing the Data Protection Act 1998. The idea is to make sure that any business worldwide which holds personal data about EU citizens collects it and looks after it with care, in a lawful manner which protects the rights of the individual. The idea is to protect EU citizens and their personal information, so the end goal is a good thing, but GDPR compliance for small businesses is a daunting prospect!
How Does GDPR Affect Small Businesses?
Whether you operate a website for a small charity, run a hobby website, or own a large multinational business, GDPR will apply to you. As mentioned above, failure to comply will result in a hefty fine.
The main issue, especially for small businesses, is that it is difficult to understand GDPR, how you would become compliant, and whether you currently do anything which you shouldn’t under the regulations. Large and small businesses around the world have spent, are spending, or will be spending billions on becoming compliant.
If you own a website, send emails, or store any personal data about any EU citizen, you should check your processes. Unfortunately, that covers a pretty large percentage of businesses in the UK, so it is important that you at least try to become compliant. Time is running out: the deadline for compliance is 25th May 2018!
How Can DLZ Design Help With GDPR Compliance?
As mentioned above, we are not lawyers, and so cannot give legal advice on this subject; we would recommend seeking professional help with the whole of your business processes. However, we can help with your website, whether this means implementing advice from a legal professional or covering the bases which we think need to be addressed. We have contacted all of our clients to offer our help with this and are happy to help out with new clients too. Of course, if you don’t want our help, you are welcome to implement the changes yourself.
How Can We Make Your WordPress Website Compliant?
The first stage in making any website compliant, be it a WordPress web design, a Magento e-commerce website or a standard HTML website, is a full site audit. This should cover all of the site processes, including: cookies, 3rd party plugins, email forms, SSL, platform security measures, website hosting, privacy policies and any data collection which happens on the website.
Some WordPress websites will need little work to become compliant; however, old websites which do not have a WordPress maintenance package to keep things up to date and secure may have more issues.
Also, if your website collects and stores any personal data (IP addresses, email addresses, etc.), it may be necessary to build functionality which allows those individuals access to this data and the ability to remove all of the data held about them if they wish. All data collection processes will also need to be checked in order to ensure that users explicitly give their consent to any future contact. A pre-ticked consent box is no longer good enough, nor is the assumption that because they entered their email address they wanted emails.
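To make the consent and data-access points above concrete, here is a plain-PHP sketch written for this article as an added example; it is not DLZ Design's code and does not use any WordPress or plugin API. It assumes a form that posts an `email` field and an unticked `consent` checkbox, and it uses an in-memory array (`$store`) in place of whatever table the site actually keeps records in. It shows the three behaviours a compliant form needs: consent is recorded only when the visitor actively ticks the box (the box is never rendered pre-ticked, and an email address on its own is not treated as consent), each record keeps the version of the privacy notice and the time it was agreed to, and a subject can have everything held about them exported or erased.

```php
<?php
declare(strict_types=1);

// Added example, not code from DLZ Design or from WordPress itself. $store is an
// in-memory array standing in for the real table; the field names 'email' and
// 'consent' and the version label below are assumptions made for the example.

// Label for the privacy notice the visitor agreed to (constructed value). Keeping
// it in the record shows what the person consented to, not just that they did.
const CONSENT_TEXT_VERSION = 'privacy-notice-v1';

// Renders the consent control. Deliberately no 'checked' attribute: a pre-ticked
// box is not a valid indication of consent under GDPR.
function render_consent_checkbox(): string
{
    return '<label><input type="checkbox" name="consent" value="yes"> '
         . 'I agree to receive the newsletter and have read the privacy notice.</label>';
}

// Returns a consent record when the submission carries explicit, affirmative
// consent and a syntactically valid e-mail address; null otherwise (nothing stored).
function validate_consent(array $post): ?array
{
    // An absent field, an empty string, or any value other than the one the
    // checkbox sends all count as "no consent". Nothing is inferred from the
    // presence of an e-mail address alone.
    if (($post['consent'] ?? '') !== 'yes') {
        return null;
    }
    $email = filter_var(trim((string)($post['email'] ?? '')), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null;
    }
    return [
        'email'           => strtolower($email),
        'purpose'         => 'newsletter',
        'consent_version' => CONSENT_TEXT_VERSION,
        'consented_at'    => gmdate('c'), // UTC, ISO 8601
    ];
}

// Subject access request: every record held about one e-mail address.
function export_subject_data(array $store, string $email): array
{
    $needle = strtolower(trim($email));
    return array_values(array_filter(
        $store,
        fn(array $r): bool => $r['email'] === $needle
    ));
}

// Erasure request: the store with every record for that address removed.
function erase_subject_data(array $store, string $email): array
{
    $needle = strtolower(trim($email));
    return array_values(array_filter(
        $store,
        fn(array $r): bool => $r['email'] !== $needle
    ));
}

// Stand-alone demonstration with constructed form submissions.
$store = [];
$submissions = [
    ['email' => 'alice@example.com', 'consent' => 'yes'], // ticked the box
    ['email' => 'bob@example.com'],                       // left it unticked
    ['email' => 'not-an-address', 'consent' => 'yes'],    // invalid address
];
foreach ($submissions as $post) {
    $record = validate_consent($post);
    if ($record !== null) {
        $store[] = $record;
    }
}
echo count($store), " consent record(s) stored\n";
echo json_encode(export_subject_data($store, 'Alice@example.com')), "\n";
$store = erase_subject_data($store, 'alice@example.com');
echo count($store), " record(s) after erasure request\n";
```

Run it with `php consent.php` (PHP 7.4 or later, for the arrow functions). Of the three constructed submissions only Alice's produces a record, because Bob never ticked the box and the third address is invalid; the export then returns her record, and the erasure leaves the store empty. In a real site the same validation would sit in the form handler and the export/erase functions would run against the database, but the rule they encode is the same: store consent only when it was actively given, and be able to show and delete everything you hold about a person on request.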
How Much Will It Cost To Make My Website GDPR Compliant?
The cost of making a website GDPR compliant will depend on the website in question. As a general rule of thumb, the more complex the website, the longer it will take to become compliant due to the extra processes. However, if you would like to talk to us more about this, or would like a quotation for your website, please contact firstname.lastname@example.org or give us a call on 01530 411864.
Further Reading on GDPR
- “Full EU legal text of the GDPR,” EUR-Lex Access to European Union law
- “Data protection: Better rules for small business,” An overview of GDPR, European Commission
- “GDPR national implementing legislation across Europe,” GDPR Tracker
- “Digital privacy,” Digital Single Market, European Commission
- “Designing for new digital rights,” Projects by IF (Prototypes for informed consent)
- “Anonymisation: Managing data protection risk,” Code of practice, Data protection, Information Commissioner’s Office (PDF)