GDPR and Websites

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU). It also governs the export of personal data outside the EU.

The GDPR will apply in the UK from 25 May 2018 and the government has confirmed that the UK’s decision to leave the EU will not affect its commencement of the GDPR.

The following article is only a summary of our findings. If you store, use or otherwise handle individuals' personal data, you should make sure you are fully up to speed on this legislation by visiting the ICO website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

Who does the GDPR apply to?

The GDPR applies to 'controllers' (who decide why and how personal data is processed) and 'processors' (who process it on a controller's behalf). In short, any business that stores, uses or handles personal data, whether for itself or for its clients, will be affected by the GDPR.

What information does the GDPR apply to?

Personal Data - any information that can be used to identify an individual, directly or in combination with other data. For example: name, email address, telephone number, account number, IP address, online identifiers such as cookie IDs, etc.

Sensitive Data (called 'special category data' in the GDPR) - personal data that needs extra protection and a specific lawful basis to process. For example: political opinions, religious beliefs, sexual orientation, health and medical history, biometric or genetic data, etc.

Key Aspects of GDPR

The GDPR provides the following rights for individuals:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

A full description of each of these areas is provided on the ICO Website.

How Should a Website Support GDPR?

The following is a summary of what we think are important features and requirements of a website:

  • Ensure all sign-up forms clearly describe what the individual is signing up for, what data is collected and what it will be used for
  • Ensure all secondary sign-ups (e.g. an opt-in tickbox on an enquiry form) have the opt-in tickbox UNTICKED by default; under the GDPR, consent must be a clear affirmative action, so a pre-ticked box (or inactivity) does not count as valid consent
  • Ensure you have a GDPR compliant Privacy Policy published on your website and also referenced (with a link) on every opt-in form (Altido can provide you with a free privacy policy, just contact us and we'll send one through)
  • Ensure you have a Cookie notification stating if your site uses cookies, what they are for and how to disable them; note that non-essential cookies (e.g. analytics and advertising) also need the visitor's consent before they are set
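Two of the points above (the untickable-by-default consent box and the privacy policy link on every opt-in form) can be checked mechanically rather than by eye, and the consent itself should be recorded on the server in a way that never defaults to "yes". The following is an added example, not code from the original page or from Altido: it audits form HTML for pre-ticked consent checkboxes and missing policy links, and builds a consent record from a submitted form. The field names (`marketing_optin`, `newsletter_optin`), the policy URL and the record layout are assumptions made for the example.

```javascript
// Added example, not code from the original page or from Altido.
// Audits form HTML for pre-ticked consent boxes and missing privacy policy
// links, and records consent server-side only when the user actually ticked
// the box. Field names and record layout below are assumptions.

// Form fields that represent optional consent (assumed names).
const CONSENT_FIELDS = ["marketing_optin", "newsletter_optin"];

// Return the names of checkbox inputs in the HTML that carry a "checked"
// attribute, i.e. boxes that are pre-ticked when the page loads.
function findPreTickedCheckboxes(html) {
  const offenders = [];
  for (const tag of html.match(/<input\b[^>]*>/gi) || []) {
    if (!/type\s*=\s*["']?checkbox["']?/i.test(tag)) continue;
    const name = (tag.match(/name\s*=\s*["']?([^"'\s>]+)/i) || [])[1];
    if (!name) continue;
    // Matches a bare "checked" attribute as well as checked="checked" etc.
    if (/\schecked(\s|=|>|\/)/i.test(tag)) offenders.push(name);
  }
  return offenders;
}

// True if the form HTML links to the given privacy policy URL.
function hasPrivacyPolicyLink(html, policyUrl) {
  const hrefRe = /<a\b[^>]*href\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = hrefRe.exec(html)) !== null) {
    if (m[1] === policyUrl) return true;
  }
  return false;
}

// Combined audit result for one form template.
function auditForm(html, policyUrl) {
  return {
    preTicked: findPreTickedCheckboxes(html),
    hasPolicyLink: hasPrivacyPolicyLink(html, policyUrl),
  };
}

// Build a consent record from submitted form fields. A browser omits an
// unticked checkbox from the submission entirely, so a missing field means
// "no"; only an explicit affirmative value counts as consent. Any other or
// unexpected value is treated as consent not given, never as a default "yes".
function recordConsent(fields, policyVersion, now = new Date()) {
  const AFFIRMATIVE = new Set(["on", "yes", "true", "1"]);
  const record = { policyVersion, timestamp: now.toISOString(), consents: {} };
  for (const field of CONSENT_FIELDS) {
    const raw = fields[field];
    const value = raw === undefined ? "" : String(raw).trim().toLowerCase();
    record.consents[field] = AFFIRMATIVE.has(value);
  }
  return record;
}

// Constructed sample templates for demonstration.
const SAMPLE_GOOD_FORM =
  '<form><label><input type="checkbox" name="marketing_optin"> Send me offers</label>' +
  '<a href="/privacy">Privacy policy</a></form>';
const SAMPLE_BAD_FORM =
  '<form><input type="checkbox" name="marketing_optin" checked>' +
  '<input type="checkbox" name="newsletter_optin" checked="checked">' +
  '<input type="hidden" name="csrf" value="x"></form>';

console.log(auditForm(SAMPLE_GOOD_FORM, "/privacy"));
console.log(auditForm(SAMPLE_BAD_FORM, "/privacy"));
// A submission where only the marketing box was ticked (constructed input).
console.log(recordConsent({ marketing_optin: "on", name: "A. Person" }, "2018-05"));
```

The audit functions are meant to run over templates in CI, so a pre-ticked box or a form without a policy link fails the build rather than reaching production. `recordConsent` keeps the policy version and timestamp alongside each yes/no so you can later show which wording the person agreed to and when.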


For our full list of GDPR requirements or if you would like a free privacy policy, please get in touch so we can talk through your specific requirements in more detail.