GDPR – Are you ready?
Disclaimer: Any advice in this article is intended for general information purposes. We are not lawyers and it does not constitute legal advice!
Time’s ticking, there’s now only a week left until the GDPR deadline. If you’ve left things a little late we’re going to share with you some of the tools we’ve used in order to get ourselves prepared for the new GDPR changes.
What is GDPR?
Before we dive right in, just in case you don’t already know, we’ll explain a little about GDPR. GDPR (General Data Protection Regulation) aims to give EU citizens more control over how their personal data is used and make organisations change their approach to how they handle this data. Companies will have to be more transparent about what kind of data they are collecting, how they are intending to use it and how long they will keep it for. The user who is providing the data (the data subject) will also have greater powers to request what personal information a company holds on them, as well as being able to ask a company to update it if it’s wrong. Your users will also be able to request that a company deletes personal data it holds if they no longer want the company to use it. There’s much more to GDPR, but it’s a bit out of scope for this very brief overview.
Where to begin?
Don’t just rush into this blind; there’s a bit of groundwork to be done before you can start using some of these tools. Firstly, you need to audit what data you’re collecting and what is being done with it. This was probably the most time-consuming part of the process for us, as you suddenly start to realise all the different ways that you’re collecting different data. We used Cookiebot to audit our site to see what cookies were collecting data. Next, we started investigating whether any of our plugins were collecting data and how they use it. Fortunately, many of them had already released information in relation to GDPR and how their plugins collect/use data.
Audit done, now what?
To help manage our cookies we’ve used the GDPR cookie compliance plugin. This handy tool puts a customisable banner across the bottom of your site asking a user to consent to all the site’s cookies through the use of an ‘Accept’ button. If the user doesn’t want to accept them all, there’s a link in the banner they can follow that opens a modal window, which you can brand, where they can toggle certain cookies on/off. Should the user change their mind at a later date, this same screen can be used to withdraw their consent.
We’ve never collected a large amount of data on our users but during our audits we found that there was data we collected that we probably didn’t actually need. An example would be our contact form that logged all the messages we received as a backup. As we’ve never actually had to refer to these stored messages, we felt like this was storing data we didn’t need. The practice of storing only the data you actually need will not only benefit you during the auditing/getting compliant stage, but should the worst happen and a data breach occur then there’s less data to leak!
Wrapping things up
GDPR is certainly a bit of a minefield. Arguably, it’s causing some of the most drastic changes regarding data protection in the last 20 years. We hope this article and the tools outlined in it help you on the path to getting your site compliant.
Like we said at the start, we’re not lawyers. Everything in this article has been intended as (hopefully helpful) general information; it doesn’t constitute legal advice.