
4 Impacts Of GDPR Your Business Needs To Know

Every business within the EU needs to be preparing for the new GDPR. The 25th May 2018 deadline is nearing, and from that day your business is at risk of substantial consequences if it is found to be non-compliant.

If you’re researching GDPR, it’s likely that you’re already aware of many of the obligations that your company has. Nevertheless, to begin with, your company will need to undergo a gap analysis that can tell you where you need to improve.

Alongside your gap analysis, there are a few things that almost every business uses in their day-to-day running that could cause problems with compliance with GDPR.

Analytics

Google Analytics is a staple of most marketing strategies. It uses cookies to track every visitor to your site so that you can see where they go and what interests them. However, when you consider GDPR, Google Analytics could be putting your company in a difficult position. To make sure that your analytics use is GDPR compliant, take these steps.

Check What’s Being Collected – make sure that the data that you are collecting isn’t personally identifiable under the GDPR. This means that analytics shouldn’t be collecting usernames in your page URLs, phone numbers in form completions or email addresses.

Turn on IP Anonymisation – the GDPR considers an IP address as Personally Identifiable Information. Therefore, you should make sure to protect this by turning on IP address anonymisation. We will be implementing this as standard for any clients who we set up Google Analytics for. If you’d like any help with this, please get in touch with our support team.
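As an added illustration of the two steps above (this is not Zinc Digital's code), the function below cleans a page URL before it is handed to analytics: it redacts usernames in the path, email addresses, and phone-like numbers. The `/users/<name>` route, the parameter names and the `REDACTED_*` placeholders are assumptions chosen for the example.

```javascript
// Added example. The parameter names, the /users/<name> route and the
// REDACTED_* placeholders are assumptions for illustration.
const SENSITIVE_PARAMS = new Set(['email', 'phone', 'username', 'user']);
const USER_ROUTE_RE = /^\/users\/[^/]+/i;
const EMAIL_RE = /[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/gi;
const PHONE_RE = /\+?\d[\d\s().-]{7,}\d/g; // candidate runs, filtered below

function safeDecode(text) {
  try { return decodeURIComponent(text); } catch (e) { return text; }
}

// Redact e-mail addresses and phone-like runs of 9+ digits (heuristic:
// shorter runs such as dates are left alone).
function redactText(value) {
  return value
    .replace(EMAIL_RE, 'REDACTED_EMAIL')
    .replace(PHONE_RE, m => (m.replace(/\D/g, '').length >= 9 ? 'REDACTED_PHONE' : m));
}

function scrubUrl(rawUrl) {
  const url = new URL(rawUrl);

  // 1. Usernames embedded in the path (hypothetical /users/<name> route).
  const path = url.pathname.replace(USER_ROUTE_RE, '/users/REDACTED_USER');

  // 2. E-mail addresses or phone numbers in any path segment.
  url.pathname = path
    .split('/')
    .map(seg => encodeURIComponent(redactText(safeDecode(seg))))
    .join('/');

  // 3. Query string: blank known-sensitive parameters, scan the rest.
  const cleaned = new URLSearchParams();
  for (const [key, value] of url.searchParams) {
    const sensitive = SENSITIVE_PARAMS.has(key.toLowerCase());
    cleaned.append(key, sensitive ? 'REDACTED' : redactText(value));
  }
  url.search = cleaned.toString();

  // 4. Fragments are dropped; they are not needed for page reporting.
  url.hash = '';
  return url.toString();
}

// Constructed sample input.
console.log(scrubUrl('https://shop.example/users/jsmith/orders?email=jane%40example.com&page=2'));
// In the browser (analytics.js), the cleaned value is set before the hit:
//   ga('set', 'anonymizeIp', true);
//   ga('set', 'location', scrubUrl(window.location.href));
```

The phone pattern is deliberately broad, so long numeric IDs may also be redacted; tune the digit threshold to your own URL scheme.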

Forms

Almost every website has a form for customers to use to get in touch. Previously, entering your details into a form like this would likely sign you up to a mailing list and potentially even lead to your details being passed along. Now, your forms need to be transparent regarding the data they are collecting.

Consent – Affirmative consent is one of the most important new additions to the regulations. Your forms need to have a checkbox in which the user agrees to their data being stored, and to being contacted as a result of the form. You’ll need to be clear about why you’re collecting the data, and what you’ll be doing with it.

SSL

An SSL Certificate is already an important addition to any site that handles data, but with the new GDPR obligations it is now vital. Although it’s not required to be fully compliant, an SSL will encrypt any data that your site transmits to ensure that it cannot be intercepted. In the event of an audit, having an SSL will show that you are making every effort to protect your users.

When purchasing an SSL, you need to be aware of the difference between the low-cost and premium SSL certificates. There are a number of providers online that offer SSLs at a reduced price. The majority of SSL certificates use the same SHA-2 and 2048-bit encryption; the main difference between these SSLs and the ones provided by premium organisations such as Zinc is the level of warranty available. In the event that your end user loses money as a result of an SSL failure, your provider will reimburse them. Low-cost SSL providers offer a far smaller warranty, putting your company in a position where it may have to compensate a user for their losses in this instance. Zinc Digital offer Thawte SSL Certificates that offer a minimum warranty of $500,000.

Privacy Policy

Most websites now have a privacy policy as standard, but with the advent of GDPR you will need to update it to be clearer and cover some of the new obligations you have. Long, unintelligible privacy policies are no longer allowed – your privacy policy needs to be written in plain language as well as being easy and free to access.

The information needs to be updated to provide the facts about:

  • The data you’re collecting
  • Who is collecting it
  • How it is being collected
  • Why it is being collected
  • How you will be using it
  • Who it will be shared with
  • What effect this will have on the user

This information should all be known to you through your standard GDPR preparations, and could even help you to discover gaps in your strategy that could lead to sanctions in an audit.

Zinc Digital cannot create a privacy policy for you, but we can recommend suppliers that can provide this service.

Zinc Digital are undergoing a Gap Analysis to highlight the improvements we should be making on our protection regulations. We advise that all organisations take this step as their first point of action. We can then assist you in implementing the changes you will need to make as a result of this.

We can help your business with:

  • Purchasing and installing an SSL
  • Restricting your Google Analytics
  • Updating your site forms
  • Access Level restrictions
  • Restricting Admin247 access permissions
  • Restricting access to Admin
  • Restricting access to data based on geolocation

Call us today to discuss your gap analysis and begin your journey to GDPR compliance.
