Running your website under the GDPR • O’Brien Media Ltd

Running your website under the GDPR

What is the GDPR?

On May 25th 2018 the General Data Protection Regulation (GDPR) became law.

The GDPR requires websites to inform their users about what information they collect, store, and share, and establishes specific rules about the kind of consent required before websites can collect personal data. 

This means that websites now need to ask for consent more explicitly and detail their use of personal data more specifically in their privacy policies.

The GDPR doesn’t only apply to businesses. Charities, clubs, and even blogs need to comply or face fines.

From 25th May 2018 GDPR is law...

What should you be doing right now?

You’ll want to designate someone to lead on GDPR compliance.

If you’re a one-person business, that’ll be you.

You need to disclose how and why you collect personal data, how long it is retained, and who it is shared with.

With Drupal, WordPress and WooCommerce, you also need to consider how plugins and services your website uses affect customer privacy.

Work out how you will respond to Right of Access and Right to Erasure requests.

There are some helpful new personal data export tools coming to WordPress and WooCommerce, and in Drupal too, but you need a plan for how you will handle requests from website visitors relating to their data.

Plan for the worst, and know what to do in case of a hack or security breach.

No one wants this to happen, but preparing for this worst case scenario is part of your privacy responsibility under the GDPR.

Get in touch today!

Some articles that may help...

You should include this information in your emails to be GDPR compliant

Prompted by the GDPR and its headline-grabbing fines, businesses have worked hard to ensure that they have a proper legal basis for their email marketing. This usually means consent from users, although in some circumstances “legitimate interests” may also be an option. In addition to establishing a proper basis for marketing under the GDPR, businesses should include certain other information in their emails.


Europe’s top court rules tracking cookies need active consent

As part of a case between consumer groups in Germany and the website Planet49, Europe’s top court has ruled that pre-checked consent boxes, or assumed consent, for analytics and tracking cookies are not legally valid in any circumstances and violate the GDPR and ePrivacy Directive.

New ICO GDPR guidance: Passwords and encryption in online services and websites

The latest guidance from the ICO (Information Commissioner’s Office) could be relevant to anyone operating a website that allows users to log in, whether it’s staff, volunteers, customers, or the general public. Although the GDPR does not say anything specific about passwords, you are required to process personal data securely by means of appropriate technical and organisational measures.

We can give you a hand getting your website GDPR ready...

We hope these resources will be helpful as you navigate operating a website in this new world of the GDPR and protected data. If you need any help implementing any of the changes required under the GDPR, just get in touch!