GDPR – Privacy notices and security: putting a plan in place.
Of the many requirements set out in the GDPR, website privacy and security is the area we are addressing for our clients' websites, so that each site follows a "best practice" policy.
This checklist highlights the steps we are taking now to prepare our clients for the General Data Protection Regulation (GDPR), which applies from 25 May 2018. The steps cover:
- Collecting information through website forms
- Keeping WordPress running the latest version
- Vulnerability Updates
Step 1. Collecting data on your website
The ICO says:
"…you will need to explain your lawful basis for processing the data, your data retention periods and that individuals have a right to complain to the ICO if they think there is a problem with the way you are handling their data. The GDPR requires the information to be provided in concise, easy to understand and clear language."
We are going to make it very clear why information is being collected and how it will be used. Here’s an example of how we are going to adjust the forms:
[Graphic: example of revised form wording, from EConsultancy]
Things we need to look at whilst reviewing the website forms (taken directly from the ICO website):
- Consider whether you actually need to collect information about people. Don’t ask people to login, register or provide their personal details unless you need them to. It is acceptable to ask for this information once people make an enquiry or decide to do business with you.
- When you collect information about people they should know who you are and what you’re going to do with their information. There should be a clear, prominent explanation of this on your website.
- You are under a legal duty to keep customer information secure. Ask your IT supplier to give you advice on encrypting information and make sure staff with access to the information are trained to keep it secure and look after it properly.
- If you use a subcontractor, for example to manage your database, make sure there is a written contract in place that requires them to look after your information properly, including keeping it secure.
- Ensure that you only collect the information that you use.
- If you no longer require the information then stop collecting it and dispose securely of any unnecessary information that you may have collected.
There are some very good examples of how companies are presenting privacy policies on their websites. Age UK's policy is a very clear one: it covers updating your details, security precautions, any transfer outside of Europe and any profiling that may take place.
We are working with all of the companies we deal with to make sure their policies are clearly set out.
Step 3. Keeping the data that is submitted by users safe.
This is a very important step. Keeping your site patched and running the latest WordPress and WooCommerce versions matters because visitors have no way of checking this for themselves. An out-of-date WordPress core, theme or plugin with a publicly known vulnerability can let an attacker read or intercept the personal data submitted through the site, for example stored form entries and customer accounts.
We are also making sure all of our websites have SSL/TLS certificates and serve every page over HTTPS, so that data passed between the visitor's browser and the site is encrypted in transit. A certificate on its own is not enough: plain HTTP requests must redirect to HTTPS, and a Strict-Transport-Security (HSTS) header stops browsers from falling back to HTTP. HTTPS protects data only while it is travelling; data stored by the site still depends on the patching above and on who has access to the server and database.
Step 4. Vulnerability Updates
Finally, we've partnered with the fantastic team behind the WPScan Vulnerability Database to bring us real-time information about which plugins are vulnerable, so that we can act accordingly.
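To make Steps 3 and 4 checkable rather than a matter of trust, here is an added example script (not the agency's code and not WPScan's) that triages the JSON printed by `wp plugin list --format=json` against a vulnerability feed and checks that a site enforces HTTPS. The plugin-list fields (name, status, update, version) are the ones WP-CLI prints; the vulnerability feed shape `{slug: [{"title": ..., "fixed_in": ...}]}` is an assumed simplification and not the real WPScan API format; the HTTP headers and plugin data are constructed samples; the one-year HSTS minimum is a chosen policy.

```python
"""Added example (not the agency's or WPScan's code): triage the output of
`wp plugin list --format=json` against a vulnerability feed and check that a
site enforces HTTPS. The plugin-list fields (name, status, update, version)
are the ones WP-CLI prints; the vulnerability feed shape used here
({slug: [{"title": ..., "fixed_in": ...}]}) is an assumed simplification,
not the real WPScan API format. All sample data below is constructed."""
import json

# Constructed sample of what `wp plugin list --format=json` prints.
SAMPLE_PLUGIN_LIST = json.dumps([
    {"name": "contact-form-7", "status": "active", "update": "available", "version": "4.9"},
    {"name": "woocommerce", "status": "active", "update": "none", "version": "3.3.4"},
    {"name": "akismet", "status": "inactive", "update": "none", "version": "4.0.3"},
])

# Constructed vulnerability feed in the assumed (hypothetical) shape described above.
SAMPLE_VULN_FEED = {
    "contact-form-7": [{"title": "constructed example issue", "fixed_in": "5.0"}],
    "woocommerce": [{"title": "constructed example issue", "fixed_in": "3.3.4"}],
}

# Constructed HTTP responses: status and headers for http://, headers for https://.
SAMPLE_HTTP_STATUS = 301
SAMPLE_HTTP_HEADERS = {"location": "https://example.invalid/"}
SAMPLE_HTTPS_HEADERS = {"strict-transport-security": "max-age=31536000; includeSubDomains"}


def parse_version(version):
    """Turn '3.3.4' into (3, 3, 4) so versions compare numerically; a non-numeric
    component such as 'beta' counts as 0."""
    parts = []
    for component in version.split("."):
        digits = "".join(ch for ch in component if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_vulnerable(installed, fixed_in):
    """Vulnerable when the installed version is older than the fixing release.
    An entry with no fix version yet (fixed_in is None) is treated as still open."""
    if fixed_in is None:
        return True
    return parse_version(installed) < parse_version(fixed_in)


def triage(plugin_list_json, vuln_feed):
    """Return (plugin, action, detail) triples for every plugin that needs attention."""
    findings = []
    for plugin in json.loads(plugin_list_json):
        name, version = plugin["name"], plugin["version"]
        for vuln in vuln_feed.get(name, []):
            fixed_in = vuln.get("fixed_in")
            if is_vulnerable(version, fixed_in):
                findings.append((name, "vulnerable",
                                 f"{vuln['title']}, fixed in {fixed_in or 'no release yet'}"))
        if plugin["update"] == "available":
            findings.append((name, "update", f"update available for version {version}"))
        if plugin["status"] == "inactive":
            # Inactive plugin code is still on disk and reachable, so it still gets exploited.
            findings.append((name, "remove", "inactive plugin still installed; delete if unused"))
    return findings


def check_https_enforcement(http_status, http_headers, https_headers, min_max_age=31536000):
    """Check that plain HTTP redirects to HTTPS and the HTTPS response sends HSTS.
    Header names are expected in lower case. min_max_age (one year) is a chosen policy."""
    problems = []
    location = http_headers.get("location", "")
    if http_status not in (301, 308) or not location.startswith("https://"):
        problems.append("http is not permanently redirected to https")
    hsts = https_headers.get("strict-transport-security")
    if not hsts:
        problems.append("no Strict-Transport-Security header on https response")
        return problems
    max_age = 0
    for directive in hsts.split(";"):
        directive = directive.strip().lower()
        if directive.startswith("max-age="):
            try:
                max_age = int(directive[len("max-age="):])
            except ValueError:
                pass
    if max_age < min_max_age:
        problems.append(f"HSTS max-age {max_age} is below {min_max_age}")
    return problems


if __name__ == "__main__":
    for plugin, action, detail in triage(SAMPLE_PLUGIN_LIST, SAMPLE_VULN_FEED):
        print(f"{action:10} {plugin}: {detail}")
    for problem in check_https_enforcement(SAMPLE_HTTP_STATUS, SAMPLE_HTTP_HEADERS,
                                           SAMPLE_HTTPS_HEADERS):
        print("tls:", problem)
```

On a real site, replace SAMPLE_PLUGIN_LIST with the output of `wp plugin list --format=json` (for example read from standard input) and fill the headers from an actual request to the http:// and https:// URLs; the inactive-plugin finding is deliberate, because plugin code that is installed but not activated is still served from the web root and is still a common way in.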