{"id":8000,"date":"2018-02-02T14:00:02","date_gmt":"2018-02-02T11:00:02","guid":{"rendered":"https:\/\/top.host\/blog\/?p=6438"},"modified":"2019-10-18T11:12:22","modified_gmt":"2019-10-18T08:12:22","slug":"gdpr-website-compliant","status":"publish","type":"post","link":"https:\/\/top.host\/blog\/gdpr-website-compliant\/","title":{"rendered":"GDPR: Is your website compliant with the new regulation?"},"content":{"rendered":"

Before starting our discussion on whether your website is GDPR compliant or not, you should understand what GDPR actually is and how it is going to affect you. GDPR stands for <\/span>General Data Protection Regulation<\/span><\/a> and it aims to change the ways in which data is extracted and used for everyone in Europe.<\/span><\/p>\n

When this regulation comes into effect, individuals will have a higher degree of control over data that will be taken from them. GDPR will be officially applied on 25<\/span>th<\/span> May 2018 and there is no grace period once this date passes by. Nevertheless, you should be compliant before this date no matter what.<\/span><\/p>\n

Even though this regulation will affect literally everyone, marketing and business organizations that collect customer data will be affected more. They need to make sure that they are not breaking any of the clauses present in the regulation. GDPR is aiming to be the global standard in data protection as it is applicable to people in Europe as well as businesses and organizations outside Europe that provide services or offer goods to people in Europe. <\/span><\/p>\n

Website owners have to be really careful now since most of the forms that capture data on websites fall within the scope of GDPR. It is interesting to note that nearly 35% of the web pages that are owned by<\/span> FT30 firms<\/span><\/a> collect personally identifiable information (PII) through insecure means. The startling fact is that 29% of these web pages don\u2019t even use an encryption and 1.5% of these pages have security certificates that have gone past their expiry date.<\/span><\/p>\n

Things that you should know as a website owner<\/b><\/h2>\n

The complete GDPR document is massive, but we have a summary of the most important points that you need to watch out for, to be on the safer side. Let\u2019s dive in.<\/span><\/p>\n

Understand what personal data means<\/b><\/p>\n

As part of GDPR, a whole range of data can now be categorized as personal data. Below is the exact sentence quoted from the regulation:<\/span><\/p>\n

\u201c<\/span>Any information relating to an identified or identifiable natural person (\u2018data subject\u2019); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.\u201d<\/span><\/i><\/p>\n

The most important change is the fact that IP addresses and location data are also considered as personal data. IP addresses fall into personal data in the hands of a website operator if:<\/span><\/p>\n

    \n
  1. There is another party (such as an ISP) that can link the dynamic IP address to the identity of an individual; and<\/span><\/li>\n
  2. The website operator has a “legal means” of obtaining access to the information held by the ISP in order to identify the individual.<\/span><\/li>\n<\/ol>\n

    What, why and how long?<\/b><\/p>\n

    If your website collects data from customers, they have the right to ask you three questions and you\u2019ll need to answer them. They have the right to know what kind of data is being collected, why the data is being collected and for how long it is going to be stored with you. Above all that, you\u2019ll need to state with whom the customer should get in contact with, regarding the data collection and use.<\/span><\/p>\n

    Everything requires flow of information<\/b><\/p>\n

    Until now, if a person had some sort of an inquiry that was made through your site, you could easily add them to your email marketing list. It was possible to send them details about promotions, deals or newsletters. But with GDPR, you need to clearly state in advance the purpose for which you will use someone\u2019s personal data. The person from whom you are collecting data still object to its use at ANY time. If the person is a minor, their guardian or parent can do the same. A website can only use the data specifically for what they have informed the user beforehand.<\/span><\/p>\n

    Data Breach<\/b><\/p>\n

    As a website owner, you will need to have certain precautionary measures in place in the case of a data breach. Moreover, the data breach must be reported within 72 hours depending on the severity of the breach itself, especially if it poses a threat to the rights and freedoms of natural persons.<\/span><\/p>\n

    \u0391s a risk to the rights and freedoms of natural persons can be perceived the processing of personal data that can lead to physical, material or non-material damage. In particular:<\/span><\/p>\n