The biggest change in data protection law in 20 years!
A small law change in Europe has set the entire internet world into a frenzy with the arrival of the GDPR. With fines of up to €20 million or 4% of the annual global business turnover it’s a new regulation that’s not to be taken lightly. Let’s try and sum up this very intense and tricky topic.
Please be clear that by no means are we giving any kind of legal advice. We are solely giving you a summary of what we understand of the GDPR.
What is the GDPR?
GDPR is the abbreviation for “General Data Protection Regulation” and will be enforced from 25th of May 2018. This regulation is a European law, protecting data and privacy for all European citizens.
I am in New Zealand, why is this important for me?
This new law has been put in place in order to protect private data from individuals within the European Union. Anyone who handles private data from individuals needs to comply with the new law. You, as a New Zealand Business owner, offer your products and services online, therefore, your business will have to comply. To give you an example: most websites run a program in the background called Google Analytics, this allows data to be collected about your website visitors. If you have a European citizen visit your website, you need to be in line with GDPR requirements. And if you think it’s as simple as uninstalling Google Analytics to save you the hassle, think again because if you have a contact form on your website, a newsletter sign-up, a booking system or your selling items online – this is all governed by the GDPR and you will need to make some updates to your website.
What is private data?
Now let’s take a closer look at what data we are talking about in case you are still not convinced that this is actually of concern to you. This new law aims to protect any kind of information that can lead directly or indirectly to the identification of a person. Such as name, phone number, e-mail address, IP address, location data, and photos. Even if your data management is looked after by a third party such as a CRM system or Mail Chimp you are still liable for this.
What do I have to do to comply to GDPR?
There are a few things every website owner needs to do. Here are the basic, unmissable parts:
- Add or update your privacy policy. If you don’t have a privacy policy on your website yet, it’s time to add it in a visible place like your website footer. You might want to contact a lawyer for this or use tools you find on the internet to help you generate one.
- You also need to add an alert to your website that you are using cookies. Yes, cookies! These are things that store data about you in order to optimize your user experience and create ads that are unique to your interests.
- You need to upgrade to https if you haven’t done this yet. Read more on https here.
- These are the basics to get compliant with GDPR. But, every business and website is different. Start thinking about the user journey and where you or third-party providers collect data from your customers. This includes:
- Contact forms
- Newsletter sign-up (MailChimp)
- E-commerce pages (check-out)
- Accommodation websites (booking system)
- Google AdWords
- Brochure/catalogue downloads
- Memberships
- CRM Systems
What are these changes about?
These changes to your website allow you to explain to your website users, that you are collecting data from them during their visit. It will also give them more information about where and how you collect it and gives them the option to request that all their data is deleted, updated or transferred to a different third party.
So, what now?
Simply get in touch with your website host (us) to add all the necessary bits to your website. This does not mean that we will put everything in place for you, as you will have to provide some information such as your privacy policy yourself. Your website host will take care of the technical side of things and upload new pages and add the cookie alerts.