Understanding GDPR for your website

What are the rules for GDPR?

This law is designed to protect the data and privacy rights of any internet user within the UK or EU, and compliance is mandatory. Severe financial penalties can be imposed for non-compliance.

According to the official EU “Guidelines 04/2022 on the calculation of administrative fines under the GDPR”* the fines should be “effective, dissuasive and proportionate” and depending on the severity of the infringement “The first category of infringements is punishable by a fine maximum of €10 million or 2% of the undertaking’s annual turnover, whichever is higher, whereas the second is punishable by a fine maximum of €20 million or 4% of the undertaking’s annual turnover, whichever is higher”.

What does this mean for my website?

Any website that collects data from visitors in the UK or EU must be GDPR compliant. Even if your website(s) are owned and hosted outside the UK and EU, if they collect data from UK and EU visitors you must be compliant; the regulation is internationally enforceable. This is especially relevant for clients who sell into the UK or EU from overseas operations: you are still liable and still need to ensure you are fully compliant.

GDPR covers a range of data privacy and protection requirements. For UK and EU businesses in particular, these cover cookies, on-site tracking, data transfer, data storage, the location of servers and tracking data, the transfer of data outside of the UK and EU, and the security of personal data. For ecommerce websites especially, this poses a range of risks and issues that you need to be aware of and stay on top of.

Can anyone see if my website is not GDPR compliant?

One of the initial ways that regulators and individuals assess how likely a business is to be compliant is by looking at how it handles website cookies, and how it informs and empowers users to understand what is being tracked and used when they enter the site. This element of GDPR is one of the more clearly defined, and it is not satisfied by simply displaying a banner that states “We use cookies”. You need to ensure that your cookies are properly categorised, e.g. into Essential, Functional, Performance and Marketing. You then need to give each visitor the option to accept or decline any cookies not categorised as “Essential”. Failure to do this is non-compliance. If the GDPR authority audits your website, or if a user reports your non-compliance, then your business could be liable for a penalty.

Many see GDPR as putting an unnecessary burden on businesses around data privacy and security; in truth, it ensures that we create an international standard to protect our personal information. With the ever-increasing risks of hackers and data breaches, being GDPR compliant is actually a good thing!

Ensuring your business is doing its very best to be transparent with consumers about what it is tracking, storing and transferring is a good thing, and in the long run it protects you, your business and your customers/users. It also doesn’t have to mean you gather less data. It does mean you really assess what your business needs to know; it helps you identify whether you should really be gathering that much information about your users and, importantly, how you gather that data: through a third-party service, or by building your own tracking process (which is increasingly less expensive than you may think). Most importantly of all, it ensures that if the worst should happen, your business will be able to demonstrate that it has done all it could to be responsible with consumers’ data, which can only protect rather than harm.

Who can help me make my website GDPR compliant?

Voodoo has a wide range of GDPR experience. Our consultants and tech team are able to provide hands-on support, so whatever part of the GDPR process you need developing, our team will be able to provide the right solutions.

Voodoo is especially skilled in the area of website cookie compliance. We can offer a solution to ensure that you are compliant, and we work closely with OneTrust cookie compliance scanning, categorisation and consent management tools. This includes displaying a cookie consent banner advising visitors about your cookie policy and cookie uses. The user can click to accept, or view more detailed information and then decide which cookies they wish to accept.

Voodoo will take care of the whole process. Your website could be fully compliant with GDPR cookie requirements within 7 days, and you can concentrate on running your business without the worry.

*Guidelines 04/2022 on the calculation of administrative fines under the GDPR
