What is GDPR and why should you be aware of it? 

General Data Protection Regulation is an EU law governing data protection and privacy. The UK implemented GDPR into its own domestic law via the Data Protection Act 2018 and the EU retained law version of the General Data Protection Regulation (the name for GDPR in the UK after Brexit). GDPR is one of the toughest privacy security laws in the world. It has very strict rules and regulations relating to the collecting and processing of data in the EU, so as a business owner you NEED to be aware of it.

As a business owner with a website, you will be processing personal data for UK or EU citizens. Personal data means; emails, names, address, numbers etc. - anything that could identify an individual. It’s essential that you comply with GDPR regulations. If you don’t, you could end up with a huge fine.

To start off the new year, I’d suggest making a Data Protection Checklist to ensure that there’s nothing unaccounted for.

Our top 3 tips are as follows:

1. Register with the ICO in the UK or the Data Protection Commissioner in your country (if required, it’s not needed in every country)
2. Have a tailored specific privacy policy on your website that sets out the data you collect and what you do with it
3. Do a data mapping exercise - audit what data is coming in and going out of your business and keep on top of this as you grow and scale

What do you need on your website?

All websites need legal documents, such as, terms, privacy policy, cookies policy, cookies banner and a copyright notice. Your website documents should be prominent and accessible. The best place for the hyperlinks is the footer of each page so visitors can easily locate essential information.

Website terms

Website terms set your website ground rules and information visitors need to know about you. The terms don’t need to be long, provided you have all the legals covered.

Privacy and cookies policy

A privacy and cookies policy is a GDPR must! Within this policy, you’re telling visitors and your customers about the personal data you collect from them when they do such things as:

• Use your website
• Contact you
• Subscribe to your newsletter
• Make a purchase on your website

You’ll also need to explain why you collect personal data and what you do with it. There are six legal reasons for collecting personal data, and the most commonly relied on are that you need the personal data to fulfil your contract with them (i.e. complete the order), they have consented by contacting you, or it is in your legitimate interest to contact them with relevant goods or products. You should also add the contact details of your Data Protection Officer (if you have one) and confirm you’re registered with the Information Commissioner’s Office (ICO).

If you collect personal data of US citizens, you must be aware of Californian privacy rules, and also the developing laws within various states across the US, and reflect these within your privacy policy.

Cookies

You should also set out your policy on cookies. Cookies are small text files placed on visitors’ devices when they visit your website so that they are remembered next time they visit. The purpose is to make a visitor’s experience more efficient and most websites collect these. Cookies can be used for targeted advertising via third party cookies. You need to be super careful of these and disclose to visitors if you use them. This is because they are collected by third parties, such as Google (via Google Ads) and Meta (via the Meta pixel). If you’re not sure, ask your marketing or website development team.

Cookies consent banner

As your website will use cookies, GDPR also requires you to include a cookies consent banner. This gives visitors the chance to reject cookies if they want to, although they may not receive the full website experience without cookies. If you don’t have a cookies consent banner, have a word with your website developer who could add this for you.

Copyright notice

Your website footer should include a copyright notice: “Copyright © 2023 [company name]”. Be sure to update this to the current year and add a reminder to do this at the start of each year.

If you’d like more information on the above, hop on one of Jamieson Law’s free legal advice calls to ask your burning questions - calendly.com/jamiesonlaw