GDPR and website security, does it matter?
Published on Wednesday, October 4th 2017 by Aaron Whiffin
You’ve probably heard every solicitor and their dog talking about GDPR, but what is it and does it really matter?
Well, in plain English*, if you store or process people’s personal information then you need to adhere to a new set of rules or potentially face some pretty hefty fines. It’s essentially the Data Protection Act version two, and they’ve broadened the scope of what’s considered ‘personal data’. Even an email address or an IP address handled incorrectly could land you in trouble.
A good example would be an email marketing list. Have all of your personal subscribers explicitly opted in? Or have you either added them yourself because they’ve been a customer, or have they failed to click the ‘click not to receive info’ box? If they’ve not explicitly asked to be contacted then you could land yourself in trouble.
Another example: what if your website was hacked? Have you taken reasonable steps to ensure that it’s secure, and does all of the personal information stored online really need to be there?
It’s the government’s way of protecting users’ data, and stopping them getting unsolicited marketing. It’s a good idea but, in my opinion, they’ve not thought through a lot of the technical details. For example, if you have a postal mailing list and users haven’t opted in, essentially you’d need to write to everyone and get them to write back in order to comply; you may as well throw your database in the bin. But they’ve set the rules and we all need to comply, or else…
So what do we all need to do?
At this stage we need to start taking steps towards compliance. Reading between the lines, this doesn’t mean we need to spend thousands changing everything immediately (it’s not practical), but putting the basics in place and making reasonable efforts to secure personal data is certainly the best first step.
We’re not lawyers, and don’t pretend to be, and for GDPR legal advice we’d suggest Hybrid Legal (say we sent you).
So what can we do to help? Well, we are experts at online security, and we’ll happily look over your website and see what data is stored, whether it’s necessary, and how well it’s secured. This can range from a small GDPR investigation to a full security audit.
Although we can’t name clients, we have recently performed massive security changes for a nationwide household name, and have vastly improved their online security from a system that would have landed them in big trouble!
So how seriously do you take your online security? Does your website comply with the current and future data protection laws?
Unsure? Get in touch.
We are Webbed Feet, we take security and data protection seriously.
* Although we’ve done our research we are not lawyers. So take this advice with a pinch of salt, and please seek legal advice before making any decisions, and we accept no responsibility for any actions taken as a result of reading this email.