This is a very light-weight introduction to the subject of GDPR and how it applies to your website.
The new General Data Protection Regulation (GDPR) will be in force across the EU from May 25th, 2018.
The purpose is to strengthen the rights of individuals with a resulting increase in the obligations of organisations.
These regulations affect every business, no matter how small, as they must be able to demonstrate accountability for their data processing activities.
“At the centre of the new law is the requirement for organisations and businesses to be fully transparent about how they are using and safeguarding personal data”.
Our focus is in relation to how the new regulations apply to your website.
If someone sends you a message from your website then you are in receipt of personal data, in the form of a name, email address and so on.
Even if someone visits your website simply to browse, then you are in receipt of personal data in the form of their IP address.
This might seem daft, as you generally cannot identify an individual from their IP address.
However, a ruling in a case brought to the European Court in 2016 means that the legal position is that the IP address is regarded in law as personal data.
If you want to learn more about GDPR then visit the http://gdprandyou.ie website.
These are two distinct if easily confused aspects to GDPR.
However, the Data Commissioner now refers to this document as a Privacy Statement or Data Privacy Notice.
It is also referred to as a Privacy Notice which, being the shortest, is the one we will use to signpost the page on websites.
We will not be dealing with this aspect of the regulations, but I would refer you to what the Data Protection Commissioner refers to as ‘The Twelve Steps’*
Read about the GDPR 12 Steps here: http://gdprandyou.ie/gdpr-12-steps/
* A phrase more often associated with a set of guiding principles outlining a course of action for recovery from addiction, compulsion, or other behavioral problems.