Why Is It Important to Make Your Sitefinity Website GDPR Compliant Before 25th May?
The General Data Protection Regulation, or GDPR, is the new EU data protection regulation and one of the most important changes to hit the business market in 2018. It is considered the biggest change to the rules on processing personal data, and it is vital that companies approach it carefully.
The regulation will be enforced from 25th of May and imposes fines on organizations that fail to comply with the law. The maximum penalty would be about €20 million or about 4% of the global turnover, and this would be more than enough to close down many business organizations.
GDPR protects the data that a company gathers, uses and manages, and any person whose information the company holds has the right to request that the company erase that data. Since failing to adhere to the law attracts steep ramifications and fines, preparation is the key to avoiding them.
What is the Difference Between GDPR and DPA?
The DPA, or Data Protection Act, is also a law that helps to protect consumer data. The GDPR is built on similar concepts, but some parts are significantly enhanced. Even if your business is compliant with the DPA, there are further measures to take to make it GDPR compliant.
Some new procedures have to be put in place, and new transparency requirements and individuals' rights have to be taken care of. In large and complex business organizations, this has significant implications for various areas, including IT, personnel, budget, governance and communications.
This change will affect more than one department, so it is essential that all team members are aware of the changes that are to take place and that specific actions based on them are taken long before the deadline.
Why Should My Sitefinity Website be GDPR Compliant?
GDPR will have a great impact not only on EU-based entities, but also on every business dealing with clients within the European Union, and it applies to both data controllers and data processors. Noncompliance with the rules will result in fines of up to 4% of the global revenue.
An organization may be fined up to about 2% of the global revenue for not maintaining records, not notifying the authority or the data subject about a breach, or not conducting an impact assessment.
How can I Ensure that My Sitefinity Website is GDPR Compliant?
1- Informing Clients About their Rights:
Your customers should be properly informed and should be entitled to give their permission for data processing. They should also receive specific information such as the purpose or the span of the processed data. The principle of transparency should be followed, and any data that is addressed to the public should be accessible and easy to understand.
2- Forms: Active opt-in:
Most business websites have forms that invite visitors to subscribe to newsletters or to state their requirements or preferences. The check boxes that are attached to these invitations should default to Blank or No.
Users cannot be forced to actively opt out by clearing tick boxes that are already selected. This would be considered bad user experience and needs to be changed as per the law.
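An added example (not part of the original article, and not Sitefinity's own code): a Python check that scans a form's HTML for checkboxes and radio buttons that default to opted-in. The sample form, the `find_pre_ticked` helper and the set of "negative" radio values are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Assumption: radio values that count as a "No" default.
NEGATIVE_VALUES = {"no", "false", "0", "off"}

# Constructed sample form, not taken from any real site.
SAMPLE_FORM = """
<form action="/subscribe" method="post">
  <input type="email" name="email">
  <label><input type="checkbox" name="newsletter" checked> Newsletter</label>
  <label><input type="checkbox" name="partner_offers"> Partner offers</label>
  <label><input type="radio" name="contact" value="yes" checked> Contact me</label>
  <label><input type="radio" name="contact" value="no"> Do not contact me</label>
</form>
"""


class PreTickedFinder(HTMLParser):
    """Collects (type, name, value) for inputs that default to opted-in."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = dict(attrs)  # a bare `checked` attribute maps to None
        kind = (a.get("type") or "text").lower()
        if kind not in ("checkbox", "radio") or "checked" not in a:
            return
        value = (a.get("value") or "").strip().lower()
        # A radio group that defaults to "No" is acceptable; "Yes" is not.
        if kind == "radio" and value in NEGATIVE_VALUES:
            return
        self.findings.append((kind, a.get("name"), a.get("value")))


def find_pre_ticked(html):
    """Return every pre-selected opt-in control found in the HTML."""
    parser = PreTickedFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for kind, name, value in find_pre_ticked(SAMPLE_FORM):
        print(f"pre-ticked {kind}: name={name!r} value={value!r}")
```

The check flags every pre-selected control, so a reviewer still has to decide which findings are consent controls and which are unrelated options.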
3- Getting Consent:
Consent is an integral part of the GDPR legislation and it is very important for websites collecting personal data. Visitors to your website should clearly understand how you plan to use the data and they must agree to the specific purpose. You can only use the collected data if they have agreed to this.
4- Including Privacy Notice and Terms and Conditions:
You also have to update the terms and conditions of your website to reflect the GDPR terminology. You have to make it clear what you intend to do with the information that you have received and for how long the information will be retained.
To maintain transparency, you will also have to communicate how and why you are gathering such data.
Any data that is submitted or transferred to the website should be encrypted to adhere to the GDPR rules.
Encryption stops people from hijacking the data and misusing it. An SSL certificate should be used to encrypt data in transit, so that the information transferred online is not accessed by cyber criminals or any unauthorized person.
“If you are interested in ensuring that your Sitefinity website is compliant with the GDPR, then let us help you with the task.”