GDPR: How will it affect web design?

12 Dec
gdpr

GDPR: How will it affect web design?

By Web Design , , 0 Comments

GDPR (General Data Prgdprotection Regulation) is an upcoming rule that governs the handling of personal data. GDPR will be enforced in May 2018, across the EU, including the UK (regardless of its Brexit status at the time).

The GDPR regulations will replace existing regulations that dictate how companies are allowed to collect, store and use the personal information of their clients. The new regulations are designed to give control of personal information back to ordinary people, prioritising them over the interests of businesses.

Therefore, it’s important for web design companies, and their clients, to be aware of this new legislation and adhere to it accordingly.

What are the provisions of GPDR? 

The legislation included in these new regulations include:

  • The right for people to access, correct, delete or transfer any personal information held about them on any company system.
  • The need for companies to gain explicit consent from citizens for their personal data to be held. The company must then save this consent.
  • The legal obligation for companies to inform data authorities and consumers about breaches of data security, within 72 hours of them occurring.

Who needs to comply to GDPR?

Simply put, any company that operates within the EU which handles and stores personal information will need to adhere to the new rules. GDPR does not discriminate between business giants and small businesses. Furthermore, the penalties for not complying to GDPR will be very severe. Violation of the terms of GDPR can result in a penalty of 4% of your company’s annual turnover or a fine of 20 million euros (depending on whichever’s highest).

How will GDPR affect web design and website owners?

In order to avoid these severe penalties, website owners will need to ensure that:

Explicit consent of any user is requested before data collection takes place: consent needs to be freely given, specific, informed and non-ambiguous. There must be positive opt-in consent given; consent cannot be inferred from pre-ticked boxes or inactivity

Provide a clear and accessible privacy policy: The privacy policy will need to inform users how the data you’re collecting will be stored and what it will be used for.

Have a means for users to request to view their data: This needs to be possible for your users, and requests for data must be granted.

“Right to be Forgotten”: Provide your users with a way to withdraw consent and purge the personal data you have collected about them.

While all of this may seem overwhelming, there are steps to take to ensure that your website is conforming to GDPR.

  1. Conduct a personal data audit

Ask the following questions about the data collected on your website:

What data am I collecting?

This includes data collected and stored through your own website, or data collected by a 3rd party.

  • Do you have a contact form collecting email addresses, phone numbers, names etc?
  • Do you collect personal details on a third party email marketing service i.e. Mailerlite, MailChimp?
  • Do you operate an online store and collect customer data in order to process orders?

Where is it stored?

Do your contact forms store personal details on your website database? If your website has an eCommerce facility, personal customer information is likely being stored on your website database. These databases are often stored unencrypted so if the database is breached, personal information about your customers can be exposed and collected.

Is all of this data necessary?

If you limit the amount of data you collect, you also limit your potential for breach and non-compliance with GDPR. If you feel that some of the information you currently collect and store on your website isn’t strictly necessary, you can take steps to stop collecting it and purge it from your databases.

  1. Compose a privacy policy

Your website will need a privacy policy page, which is easily accessible, that informs your users how the data you’re collecting will be stored and used. It will also need to inform customers how they can request access to their data and the steps to take to withdraw consent for their data to be stored and used.

  1. Implement SSL certification

Websites that use HTTPS send data over an encrypted connection. If your website has an SSL certificate, you’re making steps towards GDPR compliance. Without HTTPS, data from a contact form (for example) will be sent unencrypted, and can therefore be intercepted by a 3rd party in transit. This blog post will tell you more about the importance of HTTPS.

  1. Understand what must be done in the event of a breach

GDPR requires the data controller to have defined processes in place in the event of a data breach. The data controller has a legal obligation to report a data breach within 72 hours. For more information about this, take a look at this article on the reporting of data breaches.

  1. Children

GDPR, for the first time, brings in special protections for children’s personal data – particularly in regards to commercial internet services such as social media. If your organisation offers online services to children and relies on consent to collect information about them, you will need to gain the parent or guardian’s consent in order to process the child’s data lawfully. GDPR sets the age at which a child can give their own consent to this processing at 16. This means that your privacy information page must be written plainly enough for a child to understand.

  1. Data Protection Officer

Where possible, you should designate someone in your company to take responsibility for data protection compliance. You will need to designate a DPO if you are:

  • A public authority (except for courts acting within their judicial capacity);
  • An organisation that carries out regular and systematic monitoring of individuals on a large scale;
  • An organisation that carries out large scale processing of special data categories including health records, or information about criminal convictions.

How will GDPR affect email subscriptions and newsletters?

GDPR will require provable consent for someone being on a mailing list. For new subscribers to your list, gaining consent will be easier, but what about existing email marketing clients? The original consent might not have been kept.

Current customers – demonstrate the “existing customer relationship”

Email subscribers with provable consent – keep and maintain records that prove their consent

Email recipients without provable consent – if the email programme can be considered a service, the act of opening and clicking (i.e. ongoing recipient email engagement) could be enough to show an “existing customer relationship” with your email programme. In this case, you will need to be able to demonstrate the ways in which your email programme is providing a valuable service for your customers. This will take into account the value and use of your emails, and the financial damage or detriment to your customers if the emails were to stop.

Lapsed  customers – No legal basis for storing he data without clear consent, customer engagement or consistent email activity: Delete unnecessary details.

Inactive email subscribers – With no recent consent, customer relationship or ongoing email activity, you have no legal basis for storing the data: Delete unnecessary details.

3rd Party Email Systems

3rd Party email systems come under the definition of “data processors”, as they hold and process personal data on your behalf for the purpose of sending out emails. It is important to check the privacy policies of any 3rd party email system you use to ensure that they are GDPR compliant. Most of the major 3rd party email systems are based in the US and will likely already be GDPR compliant, or on the way to becoming so. US companies require Privacy Shield compliance, which has been developed by the US Department of Commerce and the European Commission to protect the flow of personal information between the EU and the US.

Contact a Professional For Advice

GDPR is a drastic overhaul of current EU privacy and data regulation; so naturally, the entire process can appear a little daunting. To speak to a professional, and see what steps need to be taken to make your site GDPR-ready, simply get in touch today.  

[mailerlite_form form_id=4]

Share this post

Author

I'm a copywriter with a BA in English Language and an MA in Linguistics from Southampton University. I specialise in social media and content writing for websites.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

wordpress websites

WordPress Websites: Why You Need To Use Them
24th July 2017 | | Blog, Online Advertising, SEO, Web Design | , , , , , | 0 Comments

In this day and age, it is important that every business has a website. Your website should be easily... Read More

Web Design Southampton

The importance of a business website
31st May 2016 | | Blog, Web Design | , , , | 0 Comments

The growing age of technology is becoming even further integrated into our everyday lives. But why is it so... Read More

Wordpress Plugins

What Do You Know About WordPress Plugins?
30th June 2017 | | SEO, Social Media, Web Design | , , , | 0 Comments

WordPress Plugins are interchangeable adaptations that help enhance your website design. Southampton WordPress Specialists can use them to help custom-build... Read More

web design southampton

Site Structure and SEO: How to Build an Optimised Website
9th August 2017 | | Blog, SEO, Web Design | , , , , , , , , | 0 Comments

Search engines favour websites with great site structure. If you’re looking to get your website to the top of... Read More

Web Design Southampton

Web Design secrets revealed; free images for your website
30th August 2016 | | Blog, Web Design | , | 0 Comments

  For many writing the content for a website can become the hardest task, however, if you’re having a crack... Read More

Business Website

7 Hack Proof Security Tips For Your Business Website
19th May 2017 | | Web Design | , , , , , , , , | 0 Comments

So the recent virus attack on the NHS business website this week has caught everyone by surprise. The BBC... Read More

web design for southampton

5 Rules Your Business Needs to Know About Web Design
12th May 2017 | | Web Design | , , , | 0 Comments

Every business needs a website in this day and age and great, effective web design for Southampton businesses is... Read More

user-friendly web design

User-Friendly Web Design and Your Business
18th June 2018 | | Web Design | , , , , | 0 Comments

User-friendliness, as the name would suggest, just refers to how easy it is for a customer or user to... Read More

Call to Action

Do you know what a Call to Action is?
22nd June 2017 | | Blog, SEO, Social Media, Web Design | , , , | 0 Comments

Don’t be shy, not many do. It’s sometimes referred to as a CTA and is defined as: “An image or... Read More

WordPress alt-tags

Introduction to WordPress Alt-Tags
5th May 2017 | | SEO, Web Design | , , , | 0 Comments

We all know how important Google SEO ratings are but do we really know how the system works? The... Read More