What does GDPR stand for?
General Data Protection Regulation
When did it become a legal requirement in the UK?
It became a legal requirement under European Law on 23rd May 2018
What's it all about?
It generally gives anyone who has personal data about them stored in any format (electronic or paper) the right to have their data...
- Given to them
- Restricted from being used for any purpose other than its originally intended use
They also have the right to complain if they feel their data is not being used correctly.
As a business what do I have to do?
You have to have a Policy that demonstrates how you are satisfying the above requirements.
How many Policies do I need?
Only one, but it has to cover all systems where personal data is collected. For example...
Website - Cookies, Forum/Message Board, Website Registration, Ecommerce/Shopping, Newsletter Subscription etc are all examples of where user data is collected
Your own business - Customer list, Marketing list, Taxi collection, Contacts list, Spreadsheet/Databases with customer data, Sales system/Databases are all examples of where user data is collected
What is a Website Cookie?
A Cookie is a small snippet of data that a browser such as Google Chrome creates and stores when you visit a website. This typically contains user data such as:
- Location data
- Login username & password data (so you don't have to log in again next time)
- Website Interaction tracking data (did you see a particular message or click a particular link for example)
Some examples of Website Cookies that you might need to declare on your website
- Username & Password remember (Browser)
- Google Analytics
- Website Analytics
- AddThis (Social Media Sharing)
- Google Ads
How does that impact on a website?
A website comes in two flavours when it comes to GDPR
- It collects user data and has browser cookies
- It does not collect user data and has browser cookies
If it does collect user data a website needs to clearly state what user data is collected, how that user data is used, for what purpose the user data is used and how and what type of browser cookies are used.
If it does NOT collect user data a website needs to clearly state that it does not collect user data and how and what type of browser cookies are used.
I collect user data on my website, what do I need to do to make my website GDPR compliant?
I DON'T collect user data on my website, what do I need to do to make my website GDPR compliant?
Is there a Privacy Pages template I can use to create my own Privacy page?
Are there examples of existing Privacy Pages I can use to further help create my own Privacy page?
Those that collect user data
Those that do not
As long as you cover the basic info below, you will be satisfying the GDPR requirement:
- State who runs the website and its contact details so a user can instruct any data changes
- State whether you do or do not store user Data
- State the users individual rights
- State how the user Data is used and for what purpose
- State how a user can complain if they feel their data is not being used appropriately
- State the website applications that collect user Data such as an online Newsletter feature (e.g. Mailchimp), Forum or Shopping cart and what user data is collected
- State any other applications that collect user Data that are exclusive to your website such as a bespoke business directory and what user data is collected
- State that when clicking on embedded Third Party Adverts (Google Ads for example), Sponsored Links etc., Cookies are used to collect third party Data (if applicable)
- Overview of the GDPR - General Data Protection Regulation
- Data Protection Act 1998
- Privacy and Electronic Communications Regulations 2003
- The Guide to the PECR 2003
- Small business GDPR policy template
* Please note this is meant to be a basic Guide to GDPR. Wrap up Web cannot take responsibility for any liability due to the use of, implementation or recommendation of its contents herein.