What is GDPR?

On May 25th 2018, new EU legislation comes into force for the protection of personal data, called the General Data Protection Regulation (GDPR). The regulation requires organisations to conform or be working towards regulations that govern data control by 25th May 2018.

At Frank Health we have invested time and resource understanding the new regulations and the areas of GDPR that directly impact our business and our clients. As your website provider, we want to ensure that you are informed regarding what is required to ensure your digital platforms are GDPR compliant.

Why is GDPR so important?

All businesses/organisations that have a website have a responsibility to their users to keep their data safe and protected, and to ensure they have full consent to store their users data in line with the new laws.

The internet is still a largely unregulated space and as such, the purpose of the new GDPR regulations serves to protect individuals' information by giving them greater control over how their personal data is used in an effort to move towards greater levels of legislation and making the internet a safer environment for all users.

What do I need to know about GDPR?

GDPR is largely centred around transparency and informing individuals about not only how their personal data is being used, who it is being used by but also for how long and the length of time it is being stored.

Personal data is any information that specifically relates to an individual such as name, address, phone number and IP addresses to name but a few examples.

Data that is considered sensitive all falls under the new rules and this can include details around religious beliefs, ethnicity, sexual orientation, race, health status, as well as any political opinions and criminal offences. GDPR requires anyone handling data to be clear about what data is being processed and for what purpose, as well as state who the subject should contact in regards to the handler's data processing methods.

In summary: if you are using, processing and storing data which could potentially identify another person,
then you must comply with the new GDPR regulation laws.

What happens if I don’t comply with GDPR?

Failure to comply may result in fines of up to 200,000,000 Euros or 4% of your annual turnover as well as a reputational risk to your organisation/business.

To avoid such steep ramifications, it is important to start investing time in reviewing your website and working towards making sure it is fully GDPR compliant with the help of your digital provider.

How can we help make your website compliant with GDPR?

1. Carry out a personal data audit on your behalf
2. Ensure your privacy policy and external forms are reflective of the new regulations
3. Ensure you website has an SSL certificate (please ask for our guide on SSL certification)
4. Encrypting Personal Identifiable data at rest (stored data)
5. Personal data needs to be encrypted at rest, such as contact forms

Who can I get in contact with to talk about GDPR?

Please call 0161 273 5354 to talk to one of our Directors/business development managers.