The impact of GDPR on corporate websites, and where to start!

17.04.18

With the looming GDPR deadline fast approaching, companies need to tighten up processes around capturing, storing and processing personal data. The impact of GDPR is significant for all companies, particularly so for those giants who have databases of hundreds of thousands of records that will not meet the new compliance requirements which are being introduced. From a web development and design perspective, it is essential that we now incorporate processes and methods of delivering compliance.

A corporate website is an important consideration when ensuring compliance, as this is where data is often captured. Formulate is helping clients to ensure that when a user enters personal details into their website, consent is collected freely and unambiguously. This means displaying a privacy notice, linking to a large privacy policy, clearly explaining how data will be stored and used, and inviting the user to take an action to give consent. Say goodbye to implied consent and pre-ticked boxes.

Consent and documentation

Consent needs to be stored against a data subject with information on how it was given and on what date. Depending on how a client’s website is already set up, in some cases this will also mean adding extra functionality for users to manage their preferences at any given time. In many cases, it will just be updating privacy details.

At Formulate, we have had our own audit using a GDPR specialist, who has shown us the extra documentation we need and provided all staff members with appropriate data protection training. We have built our own CRM, so thankfully the task of ensuring we are storing data in a way which is fully compliant with the new regulations is now a relatively straightforward task and one that we can do with immediate effect.

What should owners of high-profile websites prioritise?

For most owners of websites, it will be a case of ensuring the data you have already collected via the website has been collected fairly, and deleting any that hasn’t. If there’s any information that you have collected but don’t need, this should be deleted, along with the fields collecting this data on the front end of your website. Then, it’s a matter of ensuring the way you collect data from that point on involves clear and active consent, a detailed privacy statement, and that data is kept up to date when a user wants to change preferences later.

You should ensure you and your digital agency have a data breach procedure in place, because companies will have an obligation to report any data breaches to the ICO (Information Commissioner’s Office) within 72 hours. You as the website owner are the data controller, and your digital agency is the data processor – together, you should discuss how you will handle a breach of information. Take time to revisit the security of the data you are collecting on the site. If you are not sure, discuss with your digital agency how your users’ data is being secured and ask if there are any moments within the data flow where that data is vulnerable. Any vulnerabilities will need to be addressed, whether it’s installing an SSL certificate or a more comprehensive exercise, so it’s better to identify them now and form an action plan between you.

The consequence of inaction

The startling fact is that any company which fails to be GDPR compliant before 25th May can be fined up to €20M or 4% of worldwide annual revenue – whichever is higher.

What are the main challenges and opportunities for marketeers?

GDPR will bring about positive change in the way businesses handle data. Whilst the ICO has outlined areas of leniency in early enforcement, we at Formulate are working to support our clients in limiting any risk by actively implementing processes which provide fair and lawful data processing, whilst adopting the client’s broader business compliance objectives.

The biggest challenges will face marketeers with databases full of personal data, with no way of ensuring it was collected in a compliant way. GDPR offers companies the opportunity to improve data collection processes whilst strengthening their customer engagement practices with a more informed and valuable prospect base.

What’s your advice or tips for getting ready for GDPR?

There is no definitive checklist of prescriptive instructions to follow, so it will take some time to digest and break down into action points. Start now, and enlist the help of a GDPR professional to advise you. In terms of your website, establish where yours may be weak and have the conversation with your digital agency in advance.

Formulate and digital agencies like us offer a wealth of expertise to support clients in their preparation and management of web compliance with GDPR. Keep the 25th May deadline in mind and work with your digital agency to discuss gaps or challenges, and implement a process to resolve these. The earlier we all begin to implement compliance measures, the more prepared and protected we will be.

