On 25 May 2018 the General Data Protection Regulation, or GDPR, comes into effect for all companies that are based in the EU or that deal with entities from the EU. The purpose of the regulation is to ensure that anyone holding personal data keeps it safe and secure, whatever form it takes: in a database, with a third party online or even on paper. Not only must the security of this data be paramount, but what the data is used for must also be clearly defined. Measured against this regulation, your website may not be as secure as it should be, or may not follow the rules it is now required to. To make the basics easier to follow, we have put together a checklist so you can be sure you have done as much as you can.
Secure your data. Update your users.
Ensure that any stored personal data is protected and that you use it as you said you would
The following checklist covers the main aspects you should be aware of and what needs to be in place on your website. PLEASE NOTE: this is only a guide, and we highly recommend that you seek basic legal advice to ensure that you are fully compliant with GDPR, so as to avoid the very large fines that can be imposed for misuse of data or incorrectly stored information.
- Read at least one of the recommended resources from the list below to familiarise yourself with GDPR
- If you store information on your website via a database or web form application, or operate an eCommerce site of any form, ensure that you have an SSL certificate installed so that all transmitted data is encrypted in transit
- If you store information on your website via a database or web form application, or operate an eCommerce site of any form, ensure that your Drupal website has a security package attached to it, so that Drupal core and all contributed modules are kept up to date and patched immediately whenever a security advisory is issued
- Whenever someone is asked to submit personally identifiable data, tell them exactly what they will receive and for what purposes. From that point onwards, you may only contact them about the subject they were told about
- When signing up to receive information, they must actively tick a box to confirm they are happy to receive correspondence; the box must not be pre-ticked