What is GDPR?
On 25th May 2018, new EU legislation for the protection of personal data comes into force: the General Data Protection Regulation (GDPR). The regulation requires organisations to comply with, or be demonstrably working towards, the rules that govern how personal data is controlled by 25th May 2018.
At Frank Health we have invested time and resources in understanding the new regulation and the areas of GDPR that directly affect our business and our clients. As your website provider, we want to make sure you are informed about what is required for your digital platforms to be GDPR compliant.
Why is GDPR so important?
All businesses and organisations that have a website have a responsibility to their users to keep their data safe and protected, and to ensure they have full consent to store their users' data in line with the new law.
The internet is still a largely unregulated space. The purpose of GDPR is to protect individuals' information by giving them greater control over how their personal data is used, as part of a move towards stronger legislation and a safer internet for all users.
What do I need to know about GDPR?
GDPR is largely centred on transparency: informing individuals not only about how their personal data is being used and who is using it, but also about how long it is being stored.
Personal data is any information that specifically relates to an individual, such as name, address, phone number and IP address, to name but a few examples.
Data that is considered sensitive also falls under the new rules. This can include details of religious beliefs, ethnicity, sexual orientation, race, health status, political opinions and criminal offences. GDPR requires anyone handling data to be clear about what data is being processed and for what purpose, and to state whom the data subject should contact regarding the handler's data processing methods.
In summary: if you are using, processing or storing data that could potentially identify another person, then you must comply with GDPR.
What happens if I don’t comply with GDPR?
Failure to comply may result in fines of up to 200,000,000 Euros or 4% of your annual turnover, as well as a reputational risk to your organisation or business.
To avoid such steep consequences, it is important to start investing time in reviewing your website and working towards full GDPR compliance with the help of your digital provider.
How can we help make your website compliant with GDPR?
1. Carry out a personal data audit on your behalf
2. Ensure your privacy policy and external forms reflect the new regulation
3. Ensure your website has an SSL certificate (please ask for our guide on SSL certification)
4. Encrypt personally identifiable data at rest (stored data), including data collected through contact forms
Who can I get in contact with to talk about GDPR?
Please call 0161 273 5354 to talk to one of our Directors or business development managers.