GDPR was arguably THE buzzword of 2018, at least in terms of business and digital commerce.
Many of us have heard of it, even if it is not in our field, and many would have noticed some of its effects when we are online. But just what is it?
GDPR, which stands for General Data Protection Regulation, is a regulation that is intended to protect individuals’ privacy online. When we go online, we often end up sharing personal information about ourselves and about our habits. Before GDPR, regulations regarding this data had been quite relaxed and the information that was gathered was open to abuse.
For example, some companies were collecting data on people and then selling the data on to third parties without user consent. GDPR is designed to put an end to such practices, protecting your right to privacy and how your data is handled by merchants, banks, healthcare providers and more.
How Does GDPR Affect Your Small Business?
To begin with, GDPR might sound quite daunting. It sounds like lots of rules and regulations that put you in shackles in regard to how you can operate online. The reality is, though, that it is not nearly as scary as it might first sound. You may need to make some changes in regard to how you operate online, but these shouldn’t cause wholesale changes to how you operate as a business.
You are now only allowed to collect data on customers if there is a genuine need to do so. For example, you will likely need credit card details and a mailing address in order to process any orders that have been made. If no order has been made (and if there is no other genuine reason to collect such data) then you are not permitted to collect it.
Be Absolutely Clear
Whenever collecting any data, you also have to make absolutely clear what it is to be used for, and you are only permitted to use it for the stated purposes. Beforehand, websites were gathering all sorts of information on internet users even without their knowledge. This information could often then be used for marketing purposes or even for more sinister intentions. GDPR helps to close such potential breaches.
At any time, should anybody ask what information you have about them, you are obliged to answer the request in full. You are obliged to reply within one month and you are not permitted to charge for the service. Anybody can ask for a full digital copy of the data you have on them and they are free to use this information however they wish to. Even if you suspect they are going to hand this information to a competitor – you are still obliged to hand it over.
People also have the right to demand that you completely discard any information that you might have on them. If such a request is made then you are legally obliged to comply in full. What’s more, if there has been a security breach and data has been leaked, you are expected to inform the authorities straight away.
Brush up on the Law
For most small businesses these changes should not make much, if any, difference to how they operate. Most businesses respect their customers’ data anyway, so not much should change for them. Regardless, it is best to brush up on the regulations to make sure that you are meeting your legal obligations. Make sure that you dot the ‘i’s and cross the ‘t’s and there is no reason why you should not be able to carry on more or less as you have been.
Get Professional Help and Advice
Granted, getting to grips with GDPR in full will take some time, and applying the principles to your online presence will require even more time still, but NECL can help take the strain off your shoulders and the weight off your mind – ensuring your websites are GDPR compliant and functioning exactly how they should.
Call 020 3664 6365 for more details or to discuss your GDPR concerns in full.