If you’re following the millions of updates in your inbox and the blogosphere, you’ll know that the laws concerning how websites collect, use and keep data have been updated. The General Data Protection Regulation (or GDPR for short) makes sure businesses of all shapes and sizes respect their users’ data and security. So what does that have to do with you? Well, for starters, you may need to update how you secure the data you hold about your clients. You will also need to consider how you use the data, where it goes when you’re done with it, and how you’ll keep your users informed.
To give you a hand with this transition, here’s a handy checklist on the GDPR changes:
Know your limits
The data you collect from your users might be sensitive information. Your team should be asking: are all users aware that you collect this information? If the answer is no, start by making sure all your opt-in forms clearly state why you need the info you’re getting. Once that’s sorted, you should also make sure your audience knows if and why you’re using cookies – is it clear to your users that your use of cookies is responsible and limited?
Use the data wisely
It should go without saying, but only use the data you’ve collected for its intended purpose. For example, with permission, you may collect email addresses for your monthly digital newsletter. Secure this information so only your site can access it. If you do plan to share the addresses, say, for a competition or with a third party, you will need to make it clear that you plan to share these details with a specified partner. Consent is key in this situation: if your users don’t know about it, don’t use it or share it.
Send out a breach alert
On the off-chance that there’s a security breach involving the data you’re holding, you have to let your data subjects know about this within 72 hours of the breach.
To get this done you must:
- Investigate how the data was compromised.
- Let anyone whose data may have been affected know, ASAP.
- Fix or upgrade any security that might have led to the breach.
The right to be forgotten
Your users have every right to want their private info wiped from your database. Deleting data when it’s no longer being used, or when there is a request to have it erased, is an important step to ensuring your site is compliant. Make sure your users know this is possible at any time. If you’re performing a routine clean-up of data, let people know this is happening. By maintaining 100% transparency, you show users that the site can be trusted and won’t take advantage of them.
Now that these changes are being rolled out, there’s never been a better time to update your site’s usability or presence. This is where the Redline Digital team can help: we are experts in small to large scale web projects and make it our business to understand yours. Get in touch with us today.