How To Become GDPR Compliant
What Is The GDPR?
GDPR stands for the General Data Protection Regulation, a new EU regulation designed to strengthen data protection for individuals in the EU. Its purpose is to make organisations protect the personal data of their customers, backed by hefty fines of up to €20 million (or 4% of annual worldwide turnover, whichever is greater) for organisations that don't comply.
Anyone who meets the definition of a data controller (an organisation that decides why and how personal data is collected and processed) will have to comply with the new regulation, as will companies that run websites or apps. This also includes any organisation that uses internal databases, CRMs or even just plain email to hold personal data. The regulation comes into effect on 25 May 2018.
Help Your Website To Become GDPR Compliant
Here we will talk about a few steps to help you on the way to becoming GDPR compliant.
1) Data Protection Officer
A DPO is an individual or group of individuals designated by the data controller to be responsible for monitoring the organisation's internal compliance with the GDPR. This could be a specifically trained employee within the data controller's organisation or an out-sourced position. Appointing a DPO is only mandatory for public authorities and for organisations whose core activities involve large-scale regular and systematic monitoring of individuals, or large-scale processing of special categories of personal data; outside those cases a suitably informed in-house member of staff who owns the role should be perfectly sufficient.
2) Fair Processing And Privacy Policies
You will probably have to update the fair processing and privacy policies that are listed on your site. Review whether the information you provide is explicitly clear. If something is happening with people's data that they cannot clearly ascertain from the information you provide, then you will need to make some changes and let them know.
Be sure to put in place a process for regularly reviewing and updating your fair processing information. It must reflect what you're doing now, not what you were doing five years ago.