General Data Protection Regulations (GDPR) 
DISCLAIMER : Please refer to our disclaimer below before reading this page.
1. GDPR - what is it?
The General Data Protection Regulation (GDPR) is a new EU regulation aimed at strengthening data protection for EU citizens and residents, both within the EU and in the wider world. Essentially it says to businesses and organisations: “If you want to offer your services or products to customers who are EU citizens, you had better make sure you look after their personal data, or else!”

2. When does the new GDPR come into force and who is responsible?
The GDPR replaces the Data Protection Directive and comes into force on 25th May 2018.

So who is responsible? Well, anyone who collects and processes personal data (defined by the GDPR as a Data Controller) will be required to comply with the new regulations to a certain degree. As well as organisations who run websites or apps, this also includes any organisations who use internal databases, CRMs or even just plain old email. In other words - YOU!

3. But the UK is leaving the EU, so we don't need to worry or do anything, do we?
Wrong! Firstly, when the GDPR comes into effect the UK will still be a part of the EU, albeit one that is beginning the withdrawal process.

Secondly, the UK will adopt all EU legislation immediately after Brexit. Under what is currently being called The Great Repeal Bill, the EU laws will then be rewritten in line with Britain’s new position outside of the EU.

Thirdly, unless you are planning on denying access to your services, products, etc. to any EU citizens or residents, you will need to comply with the GDPR or face the consequences.

4. So what are the potential consequences of NOT complying with the GDPR?
The maximum sanction for non-compliance with the GDPR is 20,000,000 Euros or up to 4% of your annual worldwide turnover (based on figures from the preceding financial year), whichever is the greater.

5a. So what do I need to consider to make my website GDPR compliant?
Ask yourself the following:
Do you collect data e.g. from a website enquiry form, simple email or data booking system?
What are you using the data for e.g. taking enquiries, bookings or to answer queries?
Where is the data being stored e.g. on your personal computer, remotely, in a database?
Do you still need the data e.g. how long do you need to keep the data and how will you store the data?

If the answer is YES to any of the above, which I assume it is, then you need to take action.

5b. GDPR does not apply to my website, does it?
I really don't think the new GDPR rules apply to my website because I do not sell products on-line, my website does not use a database, has no advertising on it plus there is no newsletter sign-up, it doesn't ask visitors for any personal information and I don't store any data of any description so surely, I don't have to do anything or worry about GDPR?

Wrong! The basic minimum for any website is a "Privacy Policy" page plus a method of obtaining or declining "consent to use cookies", whether you use them or not. See point 5c below.

Note: some cookies are also used to track website visitor statistics, for example those set by Google Analytics (who are already compliant with GDPR). For other tracking services you may need to "opt out" or ask to be removed from them.

5c. The use of cookies, accept or decline?
The GDPR states cookies constitute personal data, as they can be used to identify an individual. You must obtain clear, specific consent from users to place cookies and track them. This could be handled by a popup on a user’s first visit that allows users to consent to or decline cookie use. To comply, you cannot have a default answer (such as accept) but must require the user to pick an option. If the user doesn’t explicitly consent, you can’t place cookies on their browser. The site should still be accessible without cookie placement, though of course features such as personalization will be lost.
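The consent mechanism described above (no default answer, optional cookies held back until the visitor explicitly accepts or declines, site still usable either way), as an added example in JavaScript that is not part of this page. The consent store and cookie jar are caller-supplied get/set objects, an assumption so the logic runs outside a browser; in a live page they would wrap localStorage and document.cookie.

```javascript
// Added example, not code from the page. The consent store and cookie jar are
// caller-supplied get/set objects (assumed so this runs outside a browser);
// in a page they would wrap localStorage and document.cookie.
const CONSENT_KEY = "cookieConsent";
const EXPLICIT_CHOICES = new Set(["accepted", "declined"]);

function createConsentGate(consentStore, cookieJar) {
  const deferred = []; // optional-cookie writes requested before any choice
  // Anything that is not an explicit choice reads as "unset": no default answer.
  function choice() {
    const v = consentStore.get(CONSENT_KEY);
    return EXPLICIT_CHOICES.has(v) ? v : "unset";
  }
  // The popup stays on every page view until a real choice is recorded.
  function bannerNeeded() { return choice() === "unset"; }
  // Only the two explicit answers count; closing the popup is not consent.
  function record(decision) {
    if (!EXPLICIT_CHOICES.has(decision)) {
      throw new Error("consent must be recorded as 'accepted' or 'declined'");
    }
    consentStore.set(CONSENT_KEY, decision);
    if (decision === "accepted") for (const [n, v] of deferred) cookieJar.set(n, v);
    deferred.length = 0; // after a decline the queued writes are dropped
  }
  // Gate for optional cookies (analytics, personalisation); reports the outcome.
  function setCookie(name, value) {
    const c = choice();
    if (c === "accepted") { cookieJar.set(name, value); return "set"; }
    if (c === "declined") return "blocked";
    deferred.push([name, value]);
    return "deferred";
  }
  return { choice, bannerNeeded, record, setCookie };
}

// Minimal in-memory get/set store for the constructed walk-through below.
function memoryStore() {
  const m = new Map();
  return { get: (k) => (m.has(k) ? m.get(k) : null), set: (k, v) => { m.set(k, v); }, keys: () => [...m.keys()] };
}
// Constructed first visit: a cookie is requested before the popup is answered,
// the visitor picks `decision`, then a personalisation cookie is requested.
function firstVisit(decision) {
  const jar = memoryStore();
  const gate = createConsentGate(memoryStore(), jar);
  const before = gate.setCookie("_ga_example", "GA1.1.constructed");
  gate.record(decision);
  const after = gate.setCookie("theme", "dark");
  return { before, after, cookies: jar.keys().join(","), bannerNeeded: gate.bannerNeeded() };
}
```

Strictly necessary cookies (such as a session cookie for a shopping basket) are outside this gate; only the optional ones go through setCookie.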

6. What action is required to make my website GDPR compliant?
A big part, but not the only part, of GDPR compliancy is communicating to your users how and why you’re collecting and using their data. So you need to be clear and tell them, and also give them a way to request a copy of it or have it deleted if they wish. You will also need to have your website analysed and checked for any technical issues; see point 8 below.

7. Why ask for our help to make our website GDPR compliant?
Well, you could simply do nothing and hope for the best, self-certify that your website is compliant, or ask a legitimate and trusted 3rd party to investigate and confirm that GDPR compliancy has been met. However, we feel an obligation to assist you ourselves. We have had to go through a whole range of tests, checks and then actual modifications and additions to our own website in order to prepare for the new General Data Protection Regulations that are about to come into force, hence we believe we have the necessary expertise, skills and experience to carry out the same work for you.

8. What actual actions are required to make our website GDPR compliant?

a) Analysis of all your web pages and existing site code.
b) Identify any GDPR related issues, update code as required.
c) Identify any cookies set, identify their usage and requirement.
d) Make changes to, or remove cookies to maintain compliance.
e) Identify any tracking items, website statistics, usage data, logging etc.
f) Alter code accordingly to anonymise results.
g) Assess and analyze any 3rd party products or services used. Investigate any GDPR compliance impact or issues. Alter code accordingly.
h) Creation of new GDPR related pages, with site related information for website visitors.
i) Creation of any required acceptance notifications, implement into website.

Additional steps for any data capturing sites (e.g. shopping carts, booking forms, contact forms):

j) Analysis of any data capture. Assess impact.
k) Creation of data handling policy. Implement into point 8.
l) Creation of report for customer with any extra information required.

If you're still none the wiser, feel free to get in touch and we will endeavour to explain further.

9. How will you achieve the above?
If your website hosting is being provided by us here at Go-Webdesign.co.uk then the task is somewhat simpler, as we have full control of and access to all of your website: its code, data, links plus any and all data files associated with it.
We have provided a general cost estimate in point 11 below; however, as an existing Go-Webdesign customer, a discounted price is offered and available on request (assuming we have not been in touch with you already). If you're hosting with another provider and/or 3rd party, e.g. GoDaddy, Fasthosts, 1 & 1, we can still help you; please read point 10.

10. We are not your customer, and our website is with another company, so can you still help us?
Absolutely YES - we can still help you with GDPR compliancy. Regardless of who your current website provider is, we can still analyse your website and, based on that, provide a free no obligation quotation on request. In order for us to proceed and take any actions on your website we would obviously need certain access to your website coding and data files, which can easily be achieved in a number of simple and secure ways.

To find out more please get in touch, or call for a no obligation chat, at your earliest convenience.

11. The BIG question, "what will it cost to make our website GDPR compliant?"
Cost = Time, meaning that it all depends on how much work is required and how long it will take us to complete it, which in turn depends on several factors including:
1. The size of your website, e.g. number of pages, content per page.
2. Does your website use a database?
3. Does your website have links to other websites and/or 3rd parties?
4. What language is your website written in, e.g. HTML, PHP, Java etc.?
5. Is your website based on a template, e.g. Wordpress?
6. Where is your website and/or web data stored?
7. Where are your emails stored?
8. Where are your website enquiry form emails stored?

But this still doesn't answer the main question, "how much will it cost?" So let's get off the fence, stick our necks out and say that on average, making a website GDPR compliant will cost between *£300 - £600... there, now you have it.
Note - If your website is only a couple of pages, it will cost significantly less; if you have a 100 page e-commerce website it could cost more. We always provide a quotation and fixed price on request.
(* if you are an existing Go-Webdesign customer, hosting your website with us, then the cost will be considerably less) 
 
Is this expensive? Consider it against the potential fines if you're found to be non-compliant, to quote:
"The maximum sanction for non-compliance with the GDPR is 20,000,000 Euros or up to 4% of your annual worldwide turnover (based on figures from the preceding financial year), whichever is the greater"

Note - We will always confirm the actual cost prior to commencement of any action or work. To find out more, have a chat about your own unique requirements or request a no obligation quotation, get in touch!
 
So there you have it, a very brief overview covering GDPR for website compliancy, simply using our own experience. We hope we have helped to answer some of your questions.

Please don't hesitate to call us to discuss any of the above, or for a chat about your website or your own unique requirements.
GDPR Information and Documentation
The full GDPR is a massive document - click HERE to view it - so we have only outlined some of the most pertinent and common issues and points, in as straightforward a way as we can, on this page. If you need further help or assistance in finding out if your website is compliant, or need help in ensuring that it is, then please do not hesitate to get in touch.
DISCLAIMER : We do not profess to know all about the new GDPR regulations, so this page contains only the very basic information and is intended "as a guide only". It is not legal advice and is for informational and/or educational purposes only. Any reliance you place on such information is therefore strictly at your own risk. The information has been posted here to answer some of the most common questions that we've been asked ourselves, or that we've needed to answer and address in order to understand the new GDPR rules as they come into force on 25th May 2018.

Essentially, please seek legal advice about GDPR compliance if you haven’t already done so. Only qualified legal professionals will be able to give you and your business the best advice.