EU GDPR: What is it?
The GDPR is Europe’s new framework for data protection law. It replaces the 1995 Data Protection Directive (95/46/EC), on which the current UK law (the Data Protection Act 1998) is based.
Decision makers and key people in businesses and organisations need to be aware that data protection law is changing to the GDPR, and those who have day-to-day responsibility for data protection need to understand the impact this is likely to have on them.
For businesses and organisations already complying with existing data protection law, the new regulation is described as a ‘step change’ rather than a complete overhaul: the core principles are familiar, but the obligations are stricter. The EU’s GDPR website says the legislation is designed to ‘harmonise’ data privacy laws across Europe as well as give greater protection and rights to individuals.
The Information Commissioner’s Office will enforce GDPR in the UK. The ico.org.uk website has a Guide to the GDPR which explains the provisions of the GDPR to help organisations comply with its requirements.
EU GDPR: Who does it apply to?
Any organisation involved in collecting or processing the personal data of individuals in the EU is required to comply with the EU’s General Data Protection Regulation (GDPR). This covers organisations established in the EU, and it also reaches organisations outside the EU that offer goods or services to individuals in the European Union (EU) or that monitor the behaviour of individuals within the EU.
EU GDPR: What you need to know to ensure you comply
Data collection and protection matter to every business. This is why you need to know about the new law, understand how it affects your existing data infrastructure (marketing databases, financial data, sensitive company information and more) and take action to ensure you comply.
Various aspects of the GDPR require documentation to be produced by the company. This should include statements that make it clear the company understands its responsibilities for the data it collects and knows how to act in a proper and timely manner on matters relating to the protection of personal data, such as the duty to report a personal data breach to the ICO within 72 hours of becoming aware of it, and to inform the affected individuals where the breach is likely to result in a high risk to them.
You should document what personal data you hold, where it comes from and who you share it with; under the GDPR this record of processing activities is itself a requirement for most organisations.
In the ICO’s Key Definitions, personal data is defined as follows:
- The GDPR applies to ‘personal data’, meaning any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier.
The ICO website has further information to help you prepare for the GDPR.
EU GDPR: How it relates to Website Management and Web Hosting
Orangebox provides Website Design and Web Management Services for companies that need to be compliant with GDPR.
As well as looking after our clients’ web design needs, we also take care of their web hosting requirements. Web hosting is a specialist service and is operated and managed for us by our partner Hostsynergy.
The GDPR applies to ‘controllers’ (who decide why and how personal data is processed) and ‘processors’ (who process it on a controller’s behalf), so it applies to us (Orangebox and Hostsynergy) as well as to our clients. In a typical arrangement the client is the controller of the personal data its website collects and we act as processors, and the GDPR requires a written contract between the two setting out the processor’s obligations.
Company websites can be used to collect information about individuals (personal data), which is saved in a database and kept on a web server and on any other servers that hold backups; those backup copies are personal data too and fall within the scope of the GDPR. This personal information may be used for purposes such as ‘registration’, allowing a ‘user’ to access web services, or to facilitate purchasing products and making uploads/downloads.
We (Orangebox and Hostsynergy) are preparing our GDPR documentation for publication and will be making it available to download well ahead of the GDPR going live on 25 May 2018.
It will include information on, for example, how we will notify our web hosting customer of any data breach and how that customer should then notify their web users (including registered users). Under the GDPR a processor must notify the controller without undue delay after becoming aware of a breach, so that the controller can meet its own 72-hour deadline for reporting to the ICO.