Europe’s brand new General Data Protection Regulation (GDPR) has been in effect since May 25th, 2018. So, if I hear you asking: What have web designing services got to do with GDPR? – then you’re certainly in need of this update. If you are doing business with any EU country, and you don’t know if your website is GDPR-compliant, then you need to speak with your website design agency ASAP, as there are requirements that you need to satisfy on your website.
Understanding GDPR Impact
If you thought GDPR is just something that will impact internet giants like Facebook, Google or Twitter – think again. By most accounts, the majority of firms affected by this legislation are small-to-medium size business owners. So, unless your web site design already complies with the law, your business could be in jeopardy of infringement.
At Its Very Core, GDPR Mandates That Your Website Design Must Ensure:
a) It respects personal data collection, processing and storage of all EU citizens, regardless of which country (e.g. non-EU nation) your website operates from
b) Data privacy must be made a cornerstone of your web designing efforts, and not an afterthought
c) Users of your website must be notified in advance, as to what personal information you are collecting and why
d) You must make it easy for users to delete their personal information held by you or on your website
e) You are mandated to explain why you are collecting such data, and what you will do with it (e.g.: Use it to send product news/updates; Allow 3rd-parties to use it to send you related offers)
f) If your web design exposes you to a data breach, you must notify all your users of it within 72 hours of such an occurrence
Most likely, unless you have owned or operated a website for less than a year or so – at most – your website designer may not have designed the site with GDPR compliance in mind. Most importantly, GDPR requires that you explain all of this to users in simple, easy to understand language – something that professional web designers are very good at doing.
GDPR-Compliant Website Design
So, how does one go about working with a web designer to ensure that your web site is, in fact, fully compliant with the new law? Well, like any professional service provider, the web team that you will work with will have a methodology for ensuring GDPR compliance. And it all starts with asking the following questions:
a) WHAT personal data do you collect?
b) WHEN (at what stage) do you request that data?
c) HOW is the data collected (online forms, cookies, 3rd-party apps)?
d) WHY do you need to collect it?
e) HOW do you store it?
f) WHO else (other than your website designing team and internal staff) has access to that data?
g) IF others (e.g. 3rd-parties) have access to that information, then WHY (what are they doing with it)?
h) WHAT does your website do with each piece of that data once users have provided it to you?
i) DO you have adequate security protecting that data?
j) IS all communication between your website and end users encrypted?
k) DO you use cookies to track users’ browsing habits or location?
l) What type of data privacy policies has your website shared with your users?
These are just some of the points of GDPR that website owners must embrace to be compliant with the letter and spirit of the law.
What’s At Stake For Non-Compliant Website Design? The Simple Answer: Lots.
Non-compliant websites can have a drastic impact on your company. According to the legislation, you may be fined up to the greater of 4% of your annual global turnover or €20 million. Of course, there is a tiered approach to the fines, and the legislators consider the nature and circumstances under which non-compliance occurs. However, there is no guarantee that, if your web design team hasn’t done a good job, you won’t face that higher or maximum penalty.
Is that a risk you wish to take? The only way to guarantee that you are on the right side of GDPR is to consult with a professional website design services company. They will have worked with other websites on their GDPR requirements, and they will know all there is to know to ensure your website is fully GDPR-compliant too.
If you have any questions regarding your website and GDPR, email info@myit.ie or call 01-6216866.