Sponsored Post

The new rules have put a lot of businesses into a frenzy, working out how they can tighten up their data procedures and avoid hefty fines that were previously capped at £500,000 but can now reach up to 20 million euros.

The idea of the GDPR is to have tougher rules on the handling and storage of personal data and tougher punishments for websites and business owners that do not take looking after data seriously. The legislation comes after several online hacks of well-known businesses including LinkedIn, Ashley Madison and eBay. Our tips for making your website GDPR ready are listed below.

1. Have a strong privacy policy

Each website should have a strong and detailed privacy policy in time for the new regulation. This should clearly inform data subjects how long their data will be stored and who they should contact if they have any questions relating to it. To be compliant, websites should give users a simple way to request their data and receive a copy by email or post.

2. Be careful with mailing lists

Some important changes to data protection now mean that you cannot add people to your mailing list without them explicitly opting in. Whilst this has been the case for many years, there has been a very relaxed attitude about enforcing it.

Have you ever made a one-off enquiry to a website or submitted a comment to a blog and found yourself getting their weekly newsletters? This is because the website will have your email address anyway and may add you to their mailing list to keep you engaged, regardless of whether you authorized it.

This type of thing will no longer be acceptable. In fact, there is debate over whether you will have to ask every single email subscriber you have to opt in again, which could cause companies to lose huge amounts of their databases overnight.

3. Allow deletion of customer information

When someone requests that their data be removed, their details and all related information must be removed without a trace. This does not just mean opting a customer out of receiving newsletters, but taking their name off the system so that they cannot be found again and no staff member has access to their record.

4. Add encryption

Websites are strongly encouraged to add extra encryption to reduce the threat of hackers or data breaches. It is recommended that every website has an SSL certificate, so that its address starts with https. There are additional benefits to this, such as helping your rankings on search engines.

Other measures include assigning specific IDs to customers. In the event that data is stolen, the names of customers will not be available, since each record will be held under a number or ID.
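The customer-ID approach above, together with the deletion requirement from tip 3, sketched as an added example that is not part of the original article: names and emails sit in one table, activity in another, and the two are linked only by a keyed ID. The sample customers, the function names and the assumption that the key is stored apart from the database are all illustrative.

```python
import hashlib
import hmac
import secrets

# Constructed sample data for illustration; not from the article.
CUSTOMERS = [
    {"name": "Alice Example", "email": "alice@example.com", "order": "loan quote"},
    {"name": "Bob Example", "email": "bob@example.com", "order": "insurance quote"},
]


def new_key():
    """Secret key, assumed to be stored apart from the database."""
    return secrets.token_bytes(32)


def customer_id(key, email):
    """Keyed ID: stable for one email, not computable without the key."""
    normalised = email.strip().lower().encode("utf-8")
    return hmac.new(key, normalised, hashlib.sha256).hexdigest()[:32]


def split_records(key, customers):
    """Return (identities, activity); names and emails live only in identities."""
    identities, activity = {}, []
    for c in customers:
        cid = customer_id(key, c["email"])
        identities[cid] = {"name": c["name"], "email": c["email"]}
        activity.append({"customer_id": cid, "order": c["order"]})
    return identities, activity


def erase(identities, activity, cid):
    """Deletion request (tip 3): drop the identity and every row under its ID."""
    identities.pop(cid, None)
    return [row for row in activity if row["customer_id"] != cid]


if __name__ == "__main__":
    key = new_key()
    identities, activity = split_records(key, CUSTOMERS)
    print(activity)  # what a thief of the activity table alone would see
    alice = customer_id(key, "alice@example.com")
    activity = erase(identities, activity, alice)
    print(len(identities), len(activity))
```

A plain, unkeyed hash of the email address would not give the same protection, because anyone holding a list of candidate addresses could recompute the IDs and match them.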

Websites that hold databases are encouraged to tighten up their security and can use companies such as MongoDB and Grakn Labs.

5. Handle submissions and applications with care

GDPR requires websites to state what data is being processed and for what reasons. For instance, those looking for an insurance quote or personal loan will be accustomed to filling in details, but greater transparency is now required over what these details are for.

Websites will be taking advice from compliance over whether it is sufficient to include this information in the privacy policy, or whether it should be mentioned clearly within an online form or on the 'thank you' page.