General Data Protection Regulation (GDPR) is a set of rules concerning the privacy and security of personal data for EU citizens. On 25 th May 2018, GDPR came into place. If you are running a website outside the European Union(EU) and you have no customers from EU then you need not think about GDPR. However, if you collect any data from EU citizens then you must ensure that your website follows GDPR. This law affects all the sites that collect the personal data of EU citizens. If your website fails to follow GDPR then you have to give heavy penalties. The fine is split into 2 levels. The first level is 2% of your global annual turnover for the previous year or €10 million, and the second level is doubling both figures. Now I hope you can imagine the importance of GDPR.
Awareness about GDPR is the first step to prepare your website accordingly. You and your employees should be aware of the GDPR regulation. Even though if you are running a B2B company your website should be GDPR compliant. Because you may have the personal data like the email address of the clients which can be used for some marketing purpose.
Factors you should consider to prepare for GDPR
1. Perform website data audit
You need to identify what type of data you are collecting through the website. The most likely ways that you might be collecting the data are through contact forms, online payments, blog, comments, subscriptions, etc. Even though you are using third party payment gateways, email marketing platforms, etc. it is your responsibility to make your website GDPR compliant.
Another question is where you are storing these data? Normally you store such data in the website database. If you store the data in an external content management system (CMS) or customer relationship management system (CRM), you have the responsibility to check that these systems are also fully compliant. You should also review who has the permission to see the personal information stored on your website. Always try to limit the access to such stored data in order to limit the potential for any non-compliance issues.
2. Update your privacy policy
Once you complete the website data audit, you should update your website’s privacy policy. Your policies should be transparent enough to understand and must inform visitors of exactly what data you collect, what you use it for, how you store and protect it, how long you hold it for, and whom you share it with. If anyone wants to remove their own personal data completely from your website then you should give them the option for that also.
3. Make sure your site is secure
An SSL Certificate is an important factor to have in place for GDPR. This is because SSL certificate provides you with another layer of security. If your site is SSL certified then your web address begins with https:// with a green padlock icon. As you know SSL also helps to rank higher in Google Search Result.
No matter where you live, it is good for your business website to complies with the General Data Protection Regulation. For that just know the GDPR requirements and take steps to protect the personal data of your website visitors and customers.