Obligatory disclaimer: we are web designers, not lawyers – so what follows does not represent legal advice. If you require legal advice, always consult a qualified legal expert. The objective of this post is to raise awareness of the forthcoming implementation of the General Data Protection Regulation (GDPR) and to provide an introduction to the regulation.
By 25th May 2018 all EU businesses will be required to comply with the General Data Protection Regulation (GDPR). This new legislation supersedes the requirements of the Data Protection Act 1998 and has been designed by the EU to strengthen individuals’ rights regarding the collection, use and storage of their personal data.
Note that the planned exit of the UK from the EU (Brexit) is largely irrelevant as the UK Government has announced that the regulation will be brought into UK law.
GDPR is mainly concerned with the collection of data by your business – plus its storage, security and management. It also calls for complete transparency about the data you collect. Many of the issues to be tackled relate primarily to the personal data your business stores (in all capacities); the activities of your website are only one aspect of the regulation.
Forms and mailing lists
Many websites use online forms to collect data and to invite users to sign up to mailing lists. If someone contacts you through your website with an enquiry, this doesn’t give you permission to add them to your email marketing list; explicit permission is now required.
Forms should use ‘Active Opt-in’ options for mailing list sign-ups (and similar). In other words, a tick box for the user to be added to your mailing list should NOT be ticked by default. The user needs to actively tick the relevant box if they wish to be added.
If you operate mailing lists (and any other data collection methods) which use third-party suppliers (e.g. MailChimp), it is your responsibility to ensure that they also comply with the regulation. The same rules apply to your own in-house contacts and mailing lists.
A wealth of information is available from the Information Commissioner’s Office, which will regulate compliance with the GDPR in the UK. A full guide to GDPR is available on their website and you can request printed publications of the guides and associated advisory information.
Whilst your web designer will be able to assist you with the technicalities of displaying the information, the content of the policy will normally be composed by the website owner, with professional legal assistance where necessary.
Legalo Legal, Suffolk
Legalo (www.legalo.co.uk) are UK specialists when it comes to making sure employers and businesses operate legally. It can be difficult knowing what your responsibilities are, and feeling confident with them. This concern can now be easily rectified.
Based in Suffolk, Legalo are offering all of our clients free templates that you might need in order to meet your responsibilities. These templates cover all of the elements that affect the vast majority of UK businesses. They take away the stress and concern, and get you web legal, quickly.
In addition to these handy web tools, Legalo are also giving away free disclaimers for your business emails. Don’t miss out: find out more about what Legalo can do to make you web legal today at www.legalo.co.uk/blog/website-legal-requirements.