The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. As far as website implications go, the main change is that all sites must have a Privacy Policy, and all user interactions where they provide you with personal information must be accompanied by a "Specific Consent" option.
Now here's 3 questions:
1. Did your web developer personally contact you prior to the day and explain these principles?
2. Did your web developer implement these changes prior to 25th May?
3. Did your web developer make all the necessary changes to your site to ensure you were compliant without billing you for their services?
If you answered "Yes" to all three then you're obviously a WebSpain client. As I've said in the past, not all web designers are created equal. This is just another example of how we always go further in the area of client support.
As far as GDPR will develop in the future, there are no guarantees that the stipulations, or even the interpretations, won't actually change. And at this point it remains to be seen how closely the regulations are actually going to be enforced.
No doubt there are millions of website owners out there that haven't got a clue about all this.......because their web developer never bothered to bring them up to speed about their responsibilities. You'll be able to spot them quite easily if they don't have a "specific consent" option in their forms. Potentially, organizations not in compliance could face hefty penalties of up to 20 million euros, or 4 percent of their worldwide annual turnover, whichever is higher - so this isn't something that you can leave to chance.
But there's one area where the GDPR isn't clear at the moment.....and that's HTTPS/SSL encryption on websites. The GDPR regulations specifically state that all user information received must be stored securely, and all reasonable precautions must be taken in terms of it's security at point of contact and thereafter.
To me, that would infer it's necessary to have all connections encrypted rather than unsecured......despite the fact SSL Security isn't directly referenced. So my personal recommendation (as I've been saying for 3 years) is to ensure that you have an encrypted connection to your site.
Google has been saying this throughout this period, and now with the introduction of GDPR the onus is on you personally to ensure that you are seen to be complying with the legal responsibilities that you now have. Also, from July onwards, Google Chrome browsers will begin to flag every website that does not use HTTPS encryption with the warnings 'Not secure' prominently highlighted in the address bar. That's a business-killer if ever there was one.
Failure to secure peoples' data in the past was just seen to be unprofessional......now it breaks European law. There's a big difference. Seriously.......just don't take any chances on this because the stakes just got a lot higher.
If anybody needs advice just contact us at