General Data Protection Regulation (GDPR) - what you need to know
1. What is GDPR?
Let's start at the beginning: GDPR stands for General Data Protection Regulation. As the name implies, it relates to the user data that websites record when someone navigates them or uses their services. The purpose of the GDPR is to improve data privacy and the way companies and businesses approach and plan for it.
The General Data Protection Regulation (GDPR) is Europe's big new data privacy law. It comes into effect on 25th May 2018 and is intended to strengthen and unify data protection for all individuals within the European Union (EU).
2. Will this affect my business?
Yes, as long as you record information that can uniquely identify an individual (for example: names, photos, email addresses or an IP address), you (or rather your website) will need to comply with the new standard. The only exceptions are anonymous forms, like polls or quiz forms, that do not collect any personal data, or cases where you DO NOT store your form data anywhere.
This will affect both companies that are located in the EU and those outside of the EU that process personal information regarding EU citizens.
The new legislation will come into effect on the 25th of May 2018.
3. What are the GDPR requirements?
- Explicit Consent: users need to give explicit consent for the website to collect their information. This consent cannot be masked in a lengthy 'Terms and conditions' text, but needs to be separate and very clear to the user.
- Access to the offered information: you need to allow users to view the information collected from them on your site.
- Option to remove the information: you will need to offer users an easy way to withdraw their consent and remove their information from your site.
4. How can SmartRange Ltd help me with this?
Case 1) If your website contains a contact form or some other form that collects personal data (think online shop registration or booking forms), AND your website stores that information in its database, then the easiest way is to contact us and have us add a mandatory consent checkbox. People filling in the form then need to tick this before they are able to submit the form. If you are tech-savvy and have login details to your own website's admin area, you may do this yourself.
Case 2) If you do not need to store the submitted data on the server, get in touch with us and we will remove the default storage of data from your web form. You will of course still receive emails with the submitted data, and it will then be up to you whether and how you store that information on your own computer/email client.
In either case, you will also need to give people an option to remove their personal data upon request.
5. Our suggestion for most CMS websites (excludes eCommerce sites)
Contact us to disable storage of data on the server for web forms. This way, no information will be saved to the database and you are therefore, to some extent, excluded from the new GDPR.