As you may or may not be aware, on 25th May 2018 the data protection laws change.
The General Data Protection Regulation (GDPR) is a new EU regulation aimed at helping to strengthen data protection for EU citizens and residents, both within the EU and in the wider world.
Anyone who collects and processes personal data will be required to comply with the new regulations.
The maximum sanction for non-compliance with the GDPR is £17 million or up to 4% of your annual worldwide turnover (based on figures from the preceding financial year), whichever is the greater.
Below are the changes that are needed on your website.
Consent is a key part of GDPR legislation, and it is important for any website that collects personal data to obtain specific permission to use it in the course of its business.
Visitors to your website must understand exactly how you are planning on using their data and must agree to each specific purpose.
Implied consent is no longer sufficient. Consent must be given through a clear affirmative action, such as clicking an opt-in box or choosing settings or preferences on a settings menu.
‘By using this site, you accept cookies’ messages are no longer sufficient. If there is no genuine and free choice, then there is no valid consent. You must make it possible to either accept or reject cookies.
Privacy notice and terms and conditions
You will need to update your terms and conditions on your website to reference GDPR terminology. You'll particularly need to make it clear what you intend to do with the information once you’ve received it, and how long you'll retain this information both on your website and elsewhere. You'll also need to communicate how and why you're collecting data.
Secure Website (SSL)
If your website does not have an SSL certificate, browsers will flag it to visitors as unsafe. This warning is an aspect of web browsing that aims to protect users and keep personal data safe and secure.
Having an SSL certificate basically means a small green padlock appears at the top of the browser. This informs visitors to your site that it is safe, and personal data is not at risk.
Any website that uses any type of form or asks for information – even a simple contact form or newsletter subscription box – absolutely must have an SSL certificate. It encrypts transmission of the data.
Please see our images below for more guidance.