GDPR… What does it mean for you and your website??
To Be Clear!!
We are not lawyers!! This is not legal advice; this is simply our understanding and interpretation of how GDPR will impact you.
This impacts all websites that deal with European-based users in any way, shape or form.
So, what does it actually mean for us, you and the many websites out there?
In reality, nothing much has changed from the cookie law, or any other rules and regulations that control what data we as website owners collect in our day-to-day business. The GDPR simply attempts to roll all of them into one simple-to-use, simple-to-understand methodology with compliance advice and guidelines. Yes, the EU has a big stick to wield on non-compliance, but as small businesses you should be fine as long as you allow all your visitors to OPT IN and give them a clear indication of how you intend to use their data. Give explicit instructions on how to get removed from a mailing list or from your store data (remember, if you have details of a customer in your store and they want that deleted, you must for tax purposes inform them that you will keep that data for up to 7 years in order to comply with your tax office, but will not use it for any other reason).
Where GDPR advice is not clear is where a lot of advisors tell you that you need a data officer or DPO. That is not quite true.
DPOs must be appointed in the case of: (a) public authorities, (b) organizations that engage in large-scale systematic monitoring, or (c) organizations that engage in large-scale processing of sensitive personal data (Art. 37). If your organization doesn’t fall into one of these categories, then you do not need to appoint a DPO. (Source) I.e. PayPal, Amazon, etc.
So, basically, if you are a small business who takes orders from the general public using an outside payment processor, or another small business where personally identifiable information is submitted and kept, all you need to do is explain this in plain English on your website within your privacy policy, which hopefully most of you have already.
Remember to add to your privacy policy that commenting is also covered by GDPR.
The basis of this directive is aimed at the Big Boys, just as the VATMOSS was aimed at companies registered in low-VAT Euro states. GDPR must be observed, but only as far as you need to observe it, so don’t panic, it’s all going to be OK.
Here are some links that will help you comply. It’s always a good idea to make sure you are making an effort.
The consensus of opinion is that as long as you are doing your very best to comply, the GDPR authority will be very accommodating. Remember, complying is all part of doing business, and by demonstrating that you are making best efforts to protect and use customer data responsibly and appropriately you will benefit in many ways, especially in trust!
Here is a link straight from the horse’s mouth that gives you the info you need with regards to complying with GDPR:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
At Hemel Web Design we will continue to use the 3rd-party solution we have always used, which is automatically updated when any changes of law occur and allows you to change the services covered within it at any time. It does have a small annual fee, but we feel this just takes the worry out of it for us. Links to it can be seen here:
Privacy Policy & Cookie Policy
However, if you would rather not take up such a service, here are a few templates that might come in handy:
https://www.nibusinessinfo.co.uk/content/sample-privacy-policy
In addition, WordPress is scheduled to release version 4.9.6 today, which will provide you with the tools you need to comply with some of the elements. Below are some screenshots from the beta version.
Note: GDPR removes the ability for interpretation and is a legally binding regulation “as is”.