A quick easy guide to prepare for GDPR
A Simple, Quick List of GDPR Requirements for Photographers’ Websites.
With the GDPR deadline quickly approaching, have you thought about how it affects your website and what you need to do to make it compliant?
Here at Grizzly, we’re doing our best to make sure our clients know exactly what they need to do to keep their websites protected and compliant from a GDPR perspective.
There is so much information relating to GDPR that it’s hard to know exactly what you need to do, but we’re here to help and have done our best to collate as much information as possible for you here.
WHAT WE’LL RUN OVER WITHIN THIS BLOG IS:
- An overview of GDPR Rights
- A list of advice to get your website compliant
We have put together the following information to help your website comply with the new GDPR regulations, which come into play on the 25th May 2018.
SO WHAT IS GDPR ALL ABOUT?
The General Data Protection Regulation focuses on how businesses use clients’ or potential clients’ data: how they process it, how they store it and how long they intend to keep it. Businesses must also fully inform the client providing the data about what will be done with it once it has been submitted. Without express permission from the client, the business will be in breach of the new regulations. Have a read of the full rights and requirements here.
The GDPR provides the following rights for individuals:
• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights in relation to automated decision making and profiling.
WHERE TO BEGIN
Starting off, you should be thinking about the following:
1. What processes do I currently have in place for storing clients’ information?
2. What do I do with this information after I’ve got it?
3. How long do I keep this information for, once I have it?
CHANGES TO YOUR WEBSITE
With GDPR, auto opt-in is no longer an option. The client must now be fully aware of what data they are providing to any business and must give consent themselves rather than it being done automatically.
Do you collect emails from your forms or hold emails from your former clients who are on your mailing list? If you answered yes, then now is the time to send an email out to each of them asking them to re-opt in should they want to remain on the mailing list. This is essential, and if they don’t want to stay on the list, their data within your marketing software should be deleted permanently.
THIRD PARTY SITES AND APPLICATIONS
DATA SUBJECT REQUESTS
Over the last few years, Google and other major internet providers have been strongly focused on the security of websites. As of this year, Google will require all sites to have an SSL certificate in place; otherwise, a website will have a red bar showing any visitors a warning stating that this website is unprotected. With this in mind, we strongly suggest that you make sure that your website has an SSL certificate in place, which will allow information to be transferred safely between the client’s computer and the server. For more information regarding SSL and to make sure your site is secure, please check out our previous blog.
While we hope we have covered the basics here, we strongly recommend reading up yourself on official GDPR websites, such as the ICO website, which has much more in-depth information that may be more relevant to your business.
We really hope this article has helped to better prepare you for GDPR. Good luck!