GDPR – or General Data Protection Regulation – is one of the biggest things set to change the way businesses operate in 2018. These new rules will be enforced on 25th May this year and bring crippling fines for those who fail to comply. Time is ticking to become GDPR compliant!
The maximum penalty for breaking the rules will set organisations back a whopping €20 million or 4% of their global turnover. A hefty fine like this could definitely be enough to close down many companies. That’s why it’s vital to make preparations now in order to satisfy the new regulations, starting with your website, for example by making sure it has an SSL certificate.
Getting consent
A key part of becoming GDPR compliant is getting consent. It’s vital for any website that stores personal data – for whatever reason that might be – to get specific authorisation to use it. Any visitors to your website need to understand exactly how you’re planning to use their data and they must agree to it. For example, if you have obtained someone’s e-mail address because they entered it while making a purchase, you’re only allowed to use it for marketing if they’ve agreed to that purpose.
Say you’re a recruitment firm and a candidate has submitted their personal details for a specific job opportunity – you’re not allowed to use their data to contact them with other job openings unless they’ve given you explicit permission to do so.
With these changes in mind, it might be time to take a look at your website and update any forms and cookies as necessary. It’s likely that privacy notices will need to be rewritten too. Don’t forget to keep them simple and free of jargon so they’re easy to understand! It’s definitely worth asking your web developer or our team here at ACS to perform an audit of cookies to make sure they’re GDPR compliant.
Data access
Another crucial step to becoming GDPR compliant is knowing exactly who has access to any personal data stored on your website. Start by compiling a list of these people. Examine it and ask whether it’s necessary for everyone on it to have access to such data. If you find people who don’t need access, revoke their permissions and take measures to ensure future access is controlled.
It doesn’t stop there. You also need to show you have a robust procedure in place for deleting any data that’s no longer needed or relevant because businesses aren’t allowed to store information any longer than is necessary.
Bear in mind that you should also check any external agencies you contract that might have access to your data and make sure they’re GDPR compliant too. At the end of the day, as the data owner, you’re ultimately responsible – even if you’ve outsourced along the way. Our advice would be to make sure that you keep a log of the measures you’ve taken to make sure everybody is acting in line with the new GDPR rules.
SSL Certificate
Lastly, any personal data that’s entered into your website must be properly encrypted to comply with GDPR legislation. An SSL certificate needs to be installed on your website in order to encrypt the data as it travels between a visitor’s browser and your website, which stops people stealing it on the way. Your website developer or our team here at ACS are able to install the needed protection.
If you’re not sure whether you’ve got an SSL certificate already, open your website in a browser and look for a padlock symbol in the address bar. If you don’t have one, it’s really important that you get this rectified as soon as possible. To find out how Advance Computer Systems can provide your website with an SSL certificate, click here.
While the three points above are by no means an exhaustive list, implementing these steps will definitely set you on the right path to becoming GDPR compliant in 2018. For help making the necessary changes to your website, contact Advance Computer Systems on 01904 653798.












