On 25 May 2018, the General Data Protection Regulation (GDPR) will be enforced across Europe, including the UK.
It is a new set of rules governing the privacy and security of personal data laid down by the European Commission.
The new single data protection act will make major changes to all of Europe’s privacy laws and will replace the outdated Data Protection Directive from 1995.
GDPR seeks to give individuals more control over how organisations use their data, and it will introduce hefty penalties for organisations that fail to comply with the rules, and for those that suffer data breaches. It also ensures data protection law is almost identical across the EU.
Under the new rules, individuals have “the right to be forgotten”, meaning they will be able to request that businesses, organisations or charities delete personal data that is no longer necessary or is inaccurate.
The GDPR is not affected by Brexit, as it will be adopted into UK law.
The GDPR identifies two key elements: 'Data Controllers' and 'Data Processors'.
A 'Data Controller' is a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data is to be processed. They analyse the data they collect from individuals and assess whether the information is strictly necessary to carry out their activities. Any information that does not fall into this category must be securely deleted.
They respond to requests from individuals for information held and they remove information on request.
In most cases, your business or organisation will be a Data Controller.
A 'Data Processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
VTSDesign Web Services Ltd acts as a Data Controller. Read about our approach to this responsibility.
We also act as a Data Processor as we process personal data that you have collected whilst creating or updating your sites. Find out more about our role as a Data Processor.
If VTSHosting Ltd hosts your website, this also makes them your Data Processor.
Basic website compliance
We are recommending that all websites have the following as a minimum. ICO has indicated that they are less likely to take punitive action against businesses who have demonstrated a significant effort towards compliance.
We can carry out all of the compliance work specified above for £99 + VAT. Please click here to learn more or to order this service.
If you keep mailing lists and send out mailshots, then under the new regulations, you need to be able to show actual proof of how a person was added to your mailing list and when it happened.
If you are unable to do this, then you have to contact everyone on the list that this applies to and request explicit permission for them to remain on the mailing list. Without permission, you must not contact them after GDPR comes into effect.
Our Mailing List Compliance Service
We can offer a mailing list cleaning service for you where we will contact people on your list and manage the responses and update the list. Click here to learn more or order this service.
The fines for non-compliance can be severe.
Article 58 of the GDPR provides the supervisory authority with the power to impose administrative fines under Article 83 based on several factors, including: