It’s been a while since I’ve sent a newsletter, and this one is extremely important, as it will affect you and your website.
You’ve probably been receiving emails, as I have, from every major and minor company you either do business with or have an account with regarding new policy and privacy updates. This is because of a new regulation called the GDPR that affects anyone with a website that collects information such as an email address or stores a cookie. Everyone is starting to get in line, and I’m sure we will see lawsuits start to kick in later this year for those that are not compliant.
The EU’s new data privacy law, the General Data Protection Regulation, applies from May 25, 2018, and covers not only EU-based organizations but also organizations outside the EU that offer goods or services to people in the EU or monitor their behaviour. At the lowest level, a contact can be anyone in the EU who sends you an email or visits your website, since even a plain visit leaves personal data such as an IP address in your server logs.
We’re excited to announce that new tools are available to make your GDPR preparations easier.
I am in the final stages of implementing solutions for my own websites, which we are just in the early stages of rolling out to our clients hosted with us. There’s quite a bit to do to make your website GDPR compliant. Ultimately, website owners that are not GDPR compliant can face large, enforceable fines.
What is GDPR?
Article 1 of the Regulation states its subject matter and objectives:
This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.
This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.
The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.
How do Businesses benefit from GDPR?
Build stronger customer relationships and trust
Improve the brand image of the organization and its brand reputation
Improve the governance and responsibility of data
Enhance the security and commitment to the privacy of the brand
Create value-added competitive advantages
When is the GDPR coming into effect?
It was adopted in April 2016 and has applied, with fines enforceable, since May 25, 2018.
Who does the GDPR affect?
The GDPR applies to all organizations located within the EU, whether commercial business, charity, public authority or institution, that collect, store or process personal data. It also applies to organizations located outside the EU that offer goods or services to, or monitor the behaviour of, people in the EU. The test is where the data subject is, not citizenship: a non-EU citizen living in the EU is protected, and the same obligations apply to your site whether the visitor is an EU citizen or not.
What is considered personal data?
The GDPR defines personal data as any information relating to an identified or identifiable natural person, that is, anything that can directly or indirectly identify someone. This includes the obvious items such as name, address, email address, photos and phone numbers, but also the technical data a website collects without asking: IP addresses, location data, device and system data, and cookie identifiers.
Special categories of personal data (racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union membership, sexual orientation, health information, and biometric and genetic data) are subject to stricter rules and may generally be processed only with explicit consent or under another specific exception.
What are the penalties for non-compliance?
Organizations can be fined up to €20 million or 4% of annual global turnover, whichever is higher. This is the maximum fine, reserved for the most serious infringements, such as breaching the basic principles for processing, the conditions for valid consent, or data subjects’ rights.
There is a lower tier of up to €10 million or 2% of annual global turnover, whichever is higher, for obligations such as keeping records of processing activities (Article 30), notifying the supervisory authority and affected data subjects of a personal data breach (Articles 33 and 34), and carrying out data protection impact assessments (Article 35).
Can’t I just ignore GDPR?
Put simply, no, you can’t. A business is a business, no matter how small, and these measures apply to everybody. There is, however, a difference in record-keeping duties between small and large businesses.
Organizations with fewer than 250 employees are exempt from keeping a formal record of their processing activities only if the processing is occasional, is unlikely to result in a risk to individuals’ rights and freedoms, and does not involve special categories of data or data about criminal convictions and offences (Article 30(5)).
Organizations with 250 or more employees must keep detailed records regardless, and as a small business you will still have to keep them if you handle sensitive data or process personal data routinely rather than occasionally, which a website that collects contact details on an ongoing basis is likely to do.
Do I really need to employ a data protection officer for my business?
Maybe. It depends on what you do with personal data rather than on the size of your business: a data protection officer is mandatory for public authorities, for organizations whose core activities involve regular and systematic monitoring of individuals on a large scale, and for large-scale processing of special categories of data or criminal conviction data (Article 37). A group of organizations can appoint a single data protection officer, as long as that officer is easily accessible from each of them.
Where can I learn more about GDPR?
On top of this, Google is pushing sites to serve every page over HTTPS: starting with Chrome 68 (July 2018), Chrome marks every page loaded over plain HTTP as “Not secure” in the address bar. When you buy something or go to a page where you will be transmitting sensitive information, http://website.com turns into https://website.com. The “s” stands for secure and means the connection is protected by TLS (the successor to the older Secure Sockets Layer, SSL, whose name has stuck): the browser verifies the site’s certificate, and everything passed between the visitor and the site is encrypted and protected from tampering in transit. That protects data on the way to your server; it does not by itself protect data stored on the server or in your forms plugin, so it is one piece of GDPR compliance rather than the whole of it.
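After switching a site to HTTPS, the things worth verifying are that plain http:// requests are permanently redirected to https://, that the HTTPS response sends a Strict-Transport-Security header so browsers stop trying http:// at all, and that session cookies are flagged Secure. The script below is an added example and is not code from this newsletter or from WebAuthorings; the hostname example.test and the sample responses are constructed for illustration. Run it with a real hostname as the first argument to check a live site, in which case Python’s default SSL context also validates the certificate chain and hostname and raises if either fails.

```python
"""Checks a practitioner would run after moving a site to HTTPS.

Added example, not code from the newsletter or from WebAuthorings. The
hostname example.test and the sample responses are constructed; pass a real
hostname on the command line to check a live site.
"""
import http.client
import ssl
import sys
from dataclasses import dataclass

HSTS_MIN_AGE = 15552000  # 180 days; shorter is treated as "not really deployed" (assumption for this check)


@dataclass
class Response:
    status: int
    headers: list  # (name, value) pairs, the shape http.client's getheaders() returns


def _header_values(resp, name):
    return [v for k, v in resp.headers if k.lower() == name.lower()]


def evaluate(http_resp, https_resp, host):
    """Return {check_name: (passed, detail)} for the plain-HTTP and HTTPS responses of host."""
    results = {}

    # 1. A request to http://host/ must be a permanent redirect to https://host/...
    location = (_header_values(http_resp, "Location") or [""])[0]
    redirected = http_resp.status in (301, 308) and location.lower().startswith(f"https://{host.lower()}")
    results["http_redirects_to_https"] = (redirected, f"status={http_resp.status} location={location!r}")

    # 2. The HTTPS response should carry HSTS with a meaningful max-age.
    hsts = (_header_values(https_resp, "Strict-Transport-Security") or [""])[0]
    max_age = 0
    for directive in hsts.split(";"):
        key, _, value = directive.strip().partition("=")
        if key.lower() == "max-age" and value.strip().isdigit():
            max_age = int(value)
    results["hsts_present"] = (max_age >= HSTS_MIN_AGE, f"header={hsts!r}")

    # 3. Cookies set over HTTPS (e.g. WordPress login cookies) must be flagged Secure,
    #    otherwise a browser also sends them over any http:// link that slips through.
    insecure = [c for c in _header_values(https_resp, "Set-Cookie")
                if "secure" not in [p.strip().lower() for p in c.split(";")]]
    results["cookies_secure"] = (not insecure, f"cookies_without_secure={insecure}")

    return results


def fetch(host, https):
    """Live GET of / over HTTP or HTTPS. The default SSL context verifies the
    certificate chain and hostname and raises on failure, which is the certificate check."""
    if https:
        conn = http.client.HTTPSConnection(host, context=ssl.create_default_context(), timeout=10)
    else:
        conn = http.client.HTTPConnection(host, timeout=10)
    conn.request("GET", "/", headers={"Host": host, "User-Agent": "https-check/1.0"})
    r = conn.getresponse()
    return Response(r.status, r.getheaders())


# Constructed sample responses (not captured from any real site).
SAMPLE_HOST = "example.test"
SAMPLE_HTTP_GOOD = Response(301, [("Location", "https://example.test/")])
SAMPLE_HTTPS_GOOD = Response(200, [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "wordpress_logged_in_abc=x; Path=/; Secure; HttpOnly"),
])
SAMPLE_HTTP_BAD = Response(200, [])  # serves the page over plain HTTP, no redirect
SAMPLE_HTTPS_BAD = Response(200, [("Set-Cookie", "PHPSESSID=abc; Path=/")])  # no HSTS, cookie not Secure


def report(http_resp, https_resp, host):
    """One PASS/FAIL line per check."""
    return [f"{'PASS' if ok else 'FAIL'} {name}: {detail}"
            for name, (ok, detail) in evaluate(http_resp, https_resp, host).items()]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        host = sys.argv[1]
        http_r, https_r = fetch(host, https=False), fetch(host, https=True)
    else:
        host, http_r, https_r = SAMPLE_HOST, SAMPLE_HTTP_BAD, SAMPLE_HTTPS_BAD
    print("\n".join(report(http_r, https_r, host)))
```

Without an argument the script evaluates the constructed “bad” sample and prints three FAIL lines, which is what a WordPress site looks like before the SSL work is done; the redirect check deliberately rejects a redirect to a different host, since that is not the same site moving to HTTPS.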
So what does all of this mean?
For the world it means stronger rules concerning your privacy and the way data is handled.
If your website is not running HTTPS throughout, Chrome will tell your visitors in the address bar that the page is not secure. It also means that if someone reports your website as not GDPR compliant, you can be investigated by a supervisory authority and fined. For WebAuthorings it means an incredible amount of work that goes into just one website to make it secure and compliant. I’ve been experimenting with WebRETAKE.com. Most of the parameters are now in place. It took about 5-7 hours to make it compliant on every level, including SSL. This was after weeks of research and reading. I’m still tweaking some of the things put into place.
The deadline for having your site GDPR compliant is May 25, 2018. Because we have smaller websites we can run under the radar for a little while, but I really don’t suggest you delay in having your website ready for these global changes. With close to 100 active web clients, I would much rather not have to go through these changes, but it is necessary and the cost of being compliant is far less than the penalties that can be brought against you.
To do both SSL and GDPR Compliance the cost will be $495. You can, of course, opt not to do either. If you choose not to comply with the current regulations, I will need you to sign off on a refusal statement acknowledging that you have turned down our services in making your website compliant and secure and that WebAuthorings, its affiliates, partners, employees and third-party companies will not be liable or responsible in any way if your website is non-compliant with current industry regulations.
Click here to access the GDPR Refusal Form
If you have multiple websites with us as some of you do, we will discuss a multi-site package for these changes.
Unfortunately, if your website is not running on the WordPress platform, we will not be able to help you with these new rules and regulations. If you would like us to recreate your current website within the WordPress environment, we can do this and will include making your website GDPR compliant and secure as part of the process.
Here is what we will do for your updates:
- Create the SSL environment to secure your entire website
- Create a new Privacy Page that includes information on personal data, forms, cookies, third parties affiliated with your website
- Install an app that forces the new privacy page to appear before a visitor can use your website.
- Install and configure an app that integrates with Gravity Forms, Comments, and WooCommerce which adds a checkbox to every form where data is collected.
- Create the request forms for: privacy preferences, account deletion, registering a formal complaint, data export (may take up to 72 hours), and data rectification.
- Create a footer banner that explains cookies, with a sign-off where the user either accepts them or not.
I expect calls and emails from many of you concerning the changes. It doesn’t matter where you are hosted. If you are the website owner and operator, you will be responsible for the changes.
~ Howard & The Staff
9 Raven Ct
West Milford, NJ 07480