Did you know that the new rules regarding the General Data Protection Regulation (GDPR) came into effect last year on 25 May? Are you aware of what the data protection laws do and how they have changed? Or whether they affect your business at all? The GDPR replaces the previous 1995 Data Protection Directive. The new 2018 regulation is enforced by the Information Commissioner’s Office (ICO), and the Government has confirmed that the UK’s decision to leave the EU will not alter this.
The GDPR is Europe’s new framework for data protection laws and applies to ‘controllers’ and ‘processors’. A controller determines the purposes and means of processing personal data. A processor is responsible for processing personal data on behalf of a controller. If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities, and you will have legal liability if you are responsible for a breach. If you are a controller, you are not relieved of your obligations where a processor is involved: the GDPR places further obligations on you to ensure that your contracts with processors comply with the GDPR.
GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
GDPR does not apply to certain activities including processing covered by the Law Enforcement Directive, processing for national security purposes and processing carried out by individuals purely for personal/household activities.
Many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act (DPA). If you are complying properly with the current law then most of your approach to compliance will remain valid under GDPR and can be the starting point to build from. However, there are new elements and significant developments, so you will have to do some things for the first time and some things differently.
GDPR requires organisations to maintain a Record of Processing Activities (RoPA), covering the ‘legal basis’ for holding personal data, how it is processed and who it is shared with. One of the most well-known elements of GDPR is the power for regulators to fine businesses that do not comply with the legislation. These are monetary penalties that are decided by the ICO.
Whether or not you collect information via contact forms or other forms on your website, all websites collect the IP addresses of visitors via their cookie bar. The new GDPR legislation deems this to be information that could be used to identify visitors to your website, so unless you have taken steps to ensure that your website is GDPR compliant, you are in danger of a GDPR breach and could be subject to a heavy fine. We are urging all WiserWeb clients to ensure their websites are GDPR compliant.
Please visit the WiserWeb GDPR page for information regarding our GDPR compliance service.