The 25th May is looming…
The deadline for being compliant with the new GDPR legislation is the 25th May 2018. From discussions with a lot of our clients this is something that is confusing, a little scary and something they are struggling with. There are a variety of experts out there with a variety of opinions, largely because the legislation has not yet been tested in practice and the guidance is developing on a constant basis.
How is it affecting us?
Well it appears there are two terms to describe people or businesses who hold data, a Data Controller and a Data Processor. Luckily for us at Sokada we are both… perfect!
- We are a data Controller for the information we control; ie the names and contact details for our clients and their personal data.
- We are a Data Processor when we process data for our clients ie your client’s customer data, which we can access to our clients’ websites.
This has meant extra work for us as we have had to update our Terms & Conditions, which all of our clients will now have to sign, agreeing that they will comply with our GDPR policy and are managing their data properly.
Getting the right policy
In the past we have had a EU Cookie law which seemed almost as useful as an overly bent cucumber or chocolate that isn’t chocolate… EU law for the sake of it. But GDPR seems to be much more detailed. We are not sure how they will ever police many of the issues, but it has to be taken seriously. It’s also VERY important that we manage personal data properly.
A few simple tips to developing your policy
Firstly, sit down and work out the many different ways you process personal data, this includes, customers, employees, consultants, and suppliers. We have been looking at this from a website point of view as that’s one of the key areas where we process data.
Here are a few things to consider:
- Website forms
- Shop orders
Yes we know they are pretty obvious, but one thing we discovered is that a lot of our clients don’t really use the CMS (Content Management System) on their website. What our clients didn’t know was that when someone completes an enquiry form it stores a copy of that form online in the CMS. The same goes for online orders from the shops we manage. The client receives an email when an enquiry or order is placed and they just assume that is it. Even though we go over the CMS with them when we launch the site and have trained them in how to use it.
So, many customers are storing customers data in places they weren’t aware of. If this is you…. you will need to think about how you will be managing this data under GDPR?
How are we trying to help?
At Sokada we build our clients’ websites using WordPress in the same way that we designed our own website; we use very similar systems. We should be processing similar data and have the same issues. We have been trying to look at GDPR in a practical way that will enable us to help our clients.
Your GDPR policy is not set in stone, it must develop as your business does, diversifying and growing alongside it.
Sokada is committed to managing its way through the minefield that is GDPR and we are supporting our clients to achieve the same.