Synapse & GDPR: Hidden Implications of GDPR

20th April 2018

GDPR is an EU-wide data protection regulation that will be coming into effect on May 25th 2018. Every business and individual has new rights and responsibilities regarding data.

By researching GDPR, you may already be aware of the obligations you have. What you may not know are the implications these obligations have for some of the things that your company does every day.

Onsite Forms

Forms are an integral part of lead generation - they’re generally on most pages of your website to make it easy for customers to talk to you. Forms often come with a lot more than a simple request for contact - it’s common for them to sign you up to a newsletter or even to result in your information being given to third parties.

Every form on your website needs to have clear information about the data that’s being collected, what it will be used for and what will happen to it. What’s more, you should be including a checkbox that allows the user to consent to this process, and the contact they will receive later on.

Analytics

Most websites have Google Analytics installed to track the source and behaviour of their users. It’s a way to find out what is attracting and distracting your website users, and use the information to improve the way your website works.

When it comes to GDPR, analytics could become an issue for you. You need to make sure that the information that’s being collected isn’t personal or identifiable. Under GDPR, this includes IP addresses, usernames, phone numbers and email addresses.

It’s a good idea to speak to the person controlling your Analytics account and ask them to turn on IP anonymisation. If you have any additional tracking that collects anything personal, this needs to be removed.

SSL Certificates

Although it’s not required for full compliance, an SSL certificate is a good idea for any site that handles data. The certificate ensures that every piece of data transmitted between your site and its visitors is encrypted in transit, so it cannot be read by anyone else along the way. If you were to be audited, the presence of an SSL certificate would show that you have data security as a priority. It offers an elevated level of protection against data breaches.

You will find that there are different levels and pricing of SSL certificates. Most will use the same SHA-2 and 2048-bit encryption, but the main disparity between low-end SSL certificates and the ones offered by premium organisations is the level of warranty available. If there were to be a breach, you are usually only offered a very small warranty that could lead to your company having to cover the rest. Better quality SSL certificates will offer a better warranty for you.

Privacy Policy

It’s likely that you already have a privacy policy on your site, but the advent of GDPR will require you to update it to cover the new rights and regulations your users need to be aware of. This new privacy policy needs to include information about the type of data you’re collecting, who is collecting it, how and why it is being collected as well as whether it will be shared with anyone.

The most important thing to remember is that your privacy policy is now required to be in clear, plain language. It cannot use overly complex wording or be deliberately obtuse. What’s more, you need to ensure it’s simple to find and free to see.

We can help your business with:

  • Purchasing and installing an SSL

  • Restricting your Google Analytics

  • Updating your site forms

  • Access Level restrictions

  • Restricting Admin247 access permissions

  • Restricting access to Admin

  • Restricting access to data based on geolocation

GDPR Compliance is non-negotiable - speak to the team at Synapse today to see how we can help.
