What are the rules?
This law is designed to protect the data and privacy rights of any internet users within the UK or EU, and compliance is mandatory. Severe financial penalties can be imposed for non-compliance.
According to the official EU “Guidelines 04/2022 on the calculation of administrative fines under the GDPR”*, the fines should be “effective, dissuasive and proportionate” and, depending on the severity of the infringement, “The first category of infringements is punishable by a fine maximum of €10 million or 2% of the undertaking’s annual turnover, whichever is higher, whereas the second is punishable by a fine maximum of €20 million or 4% of the undertaking’s annual turnover, whichever is higher”.
What does this mean for my website?
Any website that collects data from visitors in the UK or EU must be GDPR compliant. Even if your website(s) are owned and hosted outside the UK and EU, if they collect data from UK and EU visitors you must be compliant, and the regulation is internationally enforceable. This is especially relevant for clients who sell into the UK or EU from overseas operations: you are still liable and still need to ensure you are fully compliant.
GDPR covers a range of data privacy and protection requirements. For UK and EU businesses especially, these can cover cookies, on-site tracking, data transfer, data storage, location of server and tracking data, transferring of data outside of the UK and EU, and security of personal data. For ecommerce websites especially, this poses a range of risks and issues that you need to be aware of and stay on top of.
Can anyone see if my website is not GDPR compliant?
Many see GDPR as putting an unnecessary burden on businesses around data privacy and security. In truth, it’s ensuring that we create an international standard to protect our personal information. With the ever-increasing risks of hackers and data breaches, being GDPR compliant is actually a good thing!
Ensuring your business is doing its very best to be transparent with consumers about what it is tracking, storing and transferring is a good thing, and in the long run it protects you, your business and your customers/users. It also doesn’t have to mean you gather less data … It does mean you really assess what your business needs to know, and it helps identify whether you should really be gathering that much information about your users and, importantly, how you gather that data … through a 3rd party service or by building your own tracking process (this is increasingly less expensive than you may think). But most importantly of all, it ensures that if the worst should happen, your business will be able to demonstrate that it has done all it could to be responsible with consumers’ data, which can only protect rather than harm.
Who can help me make my website GDPR compliant?
Voodoo has a wide range of GDPR experience. Our consultants and tech team are able to provide hands-on support, so whatever part of the GDPR process you need developing, our team will be able to provide the right solutions.
Voodoo will take care of the whole process. Your website could be fully compliant with GDPR cookie requirements within 7 days, and you can concentrate on running your business without the worry.