So you read my email – thank you. I’m now going to attempt to justify why you need GDPR compliance – first of all, let’s look at the reality. What a pain… it’s the EU, it’s about big business, it’s designed to stop Facebook stealing your data, it’s all of the above – but it does not apply to your website.
Trouble is – it’s the law. But there are other earlier laws that you probably have not obeyed when it comes to your website.
- If you are a business you are legally required to put your Registered Business information on your homepage. Same for Sole Traders and Partnerships.
- Disability Discrimination Act 1995 – you need to ensure your website is accessible to all.
- You must publish a Disclaimer
- You must publish your Terms and Conditions if you have them
- If you run eCommerce you must publish your Delivery and your Returns Policies and people must agree to them before they can buy from you.
- You must declare and tell people what Cookies you are using and how and why they track people’s data and usage of the website.
- Do you handle people’s data and did you register with the ICO as required by the Data Protection Act 1998?
The big question is – how much of this did you know and how much are you doing already?
Info Link: http://www.ukwda.org/blog/is-your-website-legal
Reasons for being legal
Here are our top reasons for sticking to the law:
- Over 250 employees and the GDPR and Data Privacy comes into its own… luckily that only affects the top tier of companies in the UK, but you might be growing your organisation in that direction. For companies smaller than this the rules are greyer, as you might not be ‘bound’ to the law.
- Selling your business – if you decide to exit from your business then the more ticks in the box the better – you cannot really sell something that is illegal.
- Being sued or taken to court: if someone decides to catch you out – they probably can and will. Even if you are a part-time artist selling your paintings – this could, in theory, happen to you.
- A bit like upgrading your computer – if you don’t do these things now – the cost and effort will build up as more laws and requirements are set by rule makers.
- Grants, Loans, Investors and money in general, if you need it, best to get legal.
The reality of GDPR
Is this all just hype? We have been here and seen this before. The Cookie Consent requirement was highly controversial and a lot of noise was made about it on the News etc, but no harm has come to most businesses that have not complied with these sorts of laws. And the same will happen again, no question. However, one day these things will come home to roost – they always do.
Our aim is to provide you with a low cost, easy to implement, solution that at least shows you are making an effort. If you were to do all this properly you would need many days planning, lawyers and quite a few thousands of pounds. Our aim is to take you as far as we can before bringing in the big-wigs. If you can show that you are making steps – it would be better than doing nothing at all.
We also have to stress that GDPR applies to all aspects of your Organisation, not just the website. If you have customers and process even their name – you need to be fully compliant. Again our aim is to alleviate some of the hassles by having a simple low-cost solution that you can just implement quickly and effectively.
Dangers of GDPR & Marketing
Getting this wrong is going to cost some companies a considerable amount of money. With Cookie Consent I believe BT had to rewrite theirs about 3 times before they got it right – even the BBC had trouble creating something legal. So here are some things that may go wrong:
- Your visitors to your website will go down. That might not be true – but only people consenting to Statistical Tracking (Google Analytics for example) will now be tracked. This needs thinking about and it may be that you can term Analytics as an ‘essential’ cookie or leave it to the end user’s discretion.
- Mailing Lists – if you have depended on your 10,000 name strong mailing list for the last few years – then incorrectly implementing a double opt-in strategy might kill your database by up to 95%. The GDPR states that “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.” There’s a lot more here that we can advise upon.
- Cookies you did not even know about. You’d be right to question every Cookie on your website; many third-party plugins and extensions to websites add some fairly exposing Cookies – these will now be public for all to see and may well raise eyebrows.
- Moving overseas… the EU law requires GDPR for anyone selling into the EU (including the UK) – what effect will this have if your main competitor is Russian or Chinese, the USA has stringent Data Privacy Laws, but GDPR intends to lead the world on this front leaving EU business exposed to cheaper, less reputable, competition from elsewhere in the world.
It is our legal duty to advise all customers of NCompass Ltd – that they must be legal and so they should. But we cannot make this decision for you, we can help with ALL aspects of integration, but ultimately the decisions made by an organisation are up to the organisation – we cannot do this bit for you. Full compliance is a big deal and one that is going to be quite tough to implement.
As usual, we want to make all this simple and doable for you at a reasonable price, so if you have any questions please do get in touch and we promise we won’t sell your data. We can do an Audit and give you a better understanding of what is needed for your website or business.