You may not think that the new General Data Protection Regulation (GDPR) applies to your website because it is an EU regulation and your business or organisation is based outside of the EU.
However, it is important to remember that GDPR deals with the data protection rights of all EU citizens. This means that if EU citizens provide you with their data via your website, you need to make sure that the site complies with GDPR requirements.
The Issue of Consent
One of the main areas that website owners need to think about is consent. If you are using consent as the legal reason for holding and processing personal data, then you need to ensure that it is obtained and used in the right way.
- Make sure that individuals know what they are consenting to.
- Do not hide requests for consent away in your website terms and conditions.
- Make sure that the giving of consent requires a positive action to be taken by the individual.
- Use consent only for the purpose for which it was given.
It is vital that you comply with GDPR requirements for consent, or you could face significant fines and other sanctions. In fact, you could face these measures if you fail to comply in any way.
Preparing for GDPR
There are certain actions that you need to take in order to prepare for the imposition of GDPR on 25 May 2018.
- Check what personal data you are holding, where it is being held and who is responsible for managing it.
- Delete any personal data that you no longer need.
- Make sure that you have a record of all consent, including when and how it was obtained and who obtained it.
- Make sure that all third parties you deal with are also compliant, such as web designers, SEO providers and data processing providers.
It is up to each business and organisation to ensure that it is compliant, or face potentially serious consequences.