What is GDPR and How Does it Affect My Business?

In May 2018, GDPR (the General Data Protection Regulation) will come into force, replacing the current Data Protection Act of 1998. GDPR aims to give individuals more control over how companies use their data, and will introduce fines for those who break the rules.

GDPR is a massive step towards transparency, showing users exactly what happens to their data and who has access. Compliance, however, can be a big job – we’re updating all of our websites to include privacy notices to ensure we’re still compliant with EU regulation.

When does GDPR Come Into Force?

GDPR will be in force from May 25th 2018 across all EU member states, and although the UK is set to leave the EU, it has been confirmed that UK law based on GDPR will be drafted for Brexit. There’s no getting out of GDPR compliance.

What is GDPR?

GDPR is, in essence, a set of rules that organisations must follow when collecting and using user data. This applies to everything from Facebook posts to contact form responses. If your website is already displaying cookie banners and a privacy policy, you’re in a good place: you won’t need to update much to get compliant.

How do I Get GDPR Compliant?

What is a Privacy Notice?

A privacy notice in essence outlines the following for users:

A privacy notice is similar to a privacy policy and will need a few key pieces of information, set out in the ICO guide to privacy notices.

What about Google Analytics?

Google Analytics would be classed as a data processor under GDPR. This means that you’re sending Google user data for processing (for showing hits, bounce rate, time on page…). If you’re using Google Analytics, you should declare this in your privacy notice along with the information you collect.

If you are able to identify individual users in analytics you should ask users for permission before you collect any data. This means that you shouldn’t load any analytics scripts before the user gives their consent.
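One way to hold analytics back until consent is given, as an added example that is not code from this page or from Google: the script tag is only created after the user accepts, and a stored choice is checked on later page loads. The script URL, the storage key and the function names are placeholders; in a browser you would call `createConsentGate(document, localStorage)`.

```javascript
// Added example: analytics is only injected after consent is recorded.
// ANALYTICS_SRC and CONSENT_KEY are placeholders, not values from this page.
const ANALYTICS_SRC = "https://analytics.example/collect.js";
const CONSENT_KEY = "analytics_consent";

function createConsentGate(doc, storage) {
  let loaded = false;
  function inject() {
    if (loaded) return false; // never inject the script twice
    const s = doc.createElement("script");
    s.src = ANALYTICS_SRC;
    s.async = true;
    doc.head.appendChild(s);
    loaded = true;
    return true;
  }

  return {
    // Run on every page load: injects only if consent was granted earlier.
    init() {
      return storage.getItem(CONSENT_KEY) === "granted" ? inject() : false;
    },
    // Wire to the banner's "Accept" button.
    grant() {
      storage.setItem(CONSENT_KEY, "granted");
      return inject();
    },
    // Wire to "Decline" or a later withdrawal; applies from the next page load.
    withdraw() {
      storage.setItem(CONSENT_KEY, "denied");
    },
  };
}

// Constructed stand-ins for document and localStorage so this runs under Node.
function fakeDocument() {
  const scripts = [];
  return {
    scripts,
    createElement: () => ({}),
    head: { appendChild: (el) => scripts.push(el) },
  };
}
function fakeStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => m.set(k, String(v)),
  };
}
```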

Wrap-Up

GDPR overall is good – users are able to see what happens when they click ‘submit’ on forms or when posting to a website, and there are much clearer rules for organisations showing what they can and can’t do with user data.

Need Compliance Help? We’re here to help. Contact us to see how we can ensure your business is compliant with the new regulations.