What is the GDPR?
From May 28th the new general data protection regulations (GDPR), Regulation (EU) 2016/679, come into effect. These will give individuals far greater control over their personal data, with the scope of what constitutes personal data greatly enhanced to include:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;”
For businesses in or trading within the EU, this means much tighter controls need to be in place to ensure that the terms of the GDPR are not being breached. The full text of the regulations is available online from the GDPR Info website and is required reading for anyone who is responsible for data within a company of any size and all sole traders.
For small businesses, this may seem daunting, but there are a few simple things you can do.
7 Steps to Get Ready for GDPR
- Audit all the personal data you use or hold. This means information for customers, visitors to your website, newsletter or mailing list subscribers. This means data you hold or collect both on and offline.
And any forms on your site need a consent button, so people know what information you will hold and an opt-in for any related mailing lists.
- Move your site from HTTP to HTTPS. This is vitally important if you run an online store or accept credit card details. It’s less of a priority for non-commercial sites but does give your visitors a level of reassurance and also has advantages for your site’s SEO.
- Update your Terms & Conditions. These must specify what data you hold, why, where, and how customers can find out about this. Communicate any changes to an existing policy to your customers.
- Document your Data Retention Policy. Know what you are storing where so that if someone asks what you are holding or asks for information to be deleted, you can easily find it and comply.
- Ensure all Personal Data you hold is stored securely. This means checking that any cloud storage you use is GDPR compliant (for example, Google Drive is not unless you have a My Business account), and any files that you keep in your home or on your laptop are secured, either with a physical key or with a digital one.
In the next few days I’ll publish posts to tackle most of these issues from a technical perspective. First, it’s important that you start on your audit, so you know what information you collect, why, and where it’s stored – both on and offline.
Image credit: iStock.com/Matthew de LangeDo you need help? Contact me now to arrange a personalised tech support or training session.