First, I’d like to apologise for taking so long to get this blog out to you all as this is a really important subject. Luckily, being a small business, getting yourself ready for the new laws and legislations won’t take too much work. I would like to make it clear that this blog will include guidelines only; we cannot yet be completely sure of some facts yet as the law has not yet been enforced.

So, what is GDPR?

General Data Protection Regulation – GDPR will bring outdated personal data laws across the EU up to speed with an increasingly digital era. More information can be found online at about online privacy in this new internet generation. The previous data protection laws were put in place during the 1990s and haven’t been able to keep pace with the levels of technological change. It is a new regulation that comes in to force on 25th May 2018 and it has two key principles.

  1. Allowing EU Citizens & Residents more control over their personal data)
  2. A Unifying Regulation for international businesses across the EU

This applies to all businesses that have possession of personal data of EU citizens. You should also be aware that Brexit and the UK leaving the EU does not affect the GDPR start date and the UK’s own law will directly mirror GDPR. So, in short everyone must adhere to it.

There are lots and lots of media attention surrounding GDPR and it is all quite overwhelming. Don’t let this scare you! Elizabeth Denham, the UK’s information commissioner, who is in charge of data protection enforcement, says she is frustrated by the amount of “scaremongering” around the potential impact for businesses. “The GDPR is a step change for data protection,” she says. “It’s still an evolution, not a revolution”. She adds that for businesses and organisations already complying with existing data protection laws the new regulation is only a “step change”.

GDPR Checklist for UK Small Companies

We have put together a checklist for small UK companies but please remember that this applies to all data held. This will even include all past, present and current employers & suppliers ect.

  • You should document what personal data you hold,

This includes how you required it, who you share it with. For example, if you have inaccurate personal data and have shared this with another organisation, you will have to tell the other organisation about the inaccuracy so it can correct its own records. You won’t be able to do this unless you know what personal data you hold, where it came from and who you share it with.

  • You should review your privacy policy

It is essential you are clearly stating what information is held, how you collect it and what happens with that data both offline and online.

  • Users need to be able to request their data

GDPR is essentially giving the right to know what data is held on an individual but it is also giving the right to say what can be done with personal information. You need to be able provide data and deal with requests to delete data, how you handle this needs to be made clear in privacy policies.

  • Prepare to meet access requests

All requests of data must be dealt with within one-month. Your users have to right to their data, Deletion of data, right to object and the right not to be subject to profiling.

  • Consent

You need to review how you get consent off users to use their data whether this is for marketing or contacting.

Firms with over 250 employers must have a nominated Data Protection Officer (DPO) or employ one to handle and oversea that data is always being used and stored correctly.

Breaches in data must be reported to the ICO within 24 hours if possible or within 72 hours

Failure to comply could mean serious fines the UK’s Information Commissioner’s Office (ICO) can fine up to 500,000 for malpractice but the GDPR will be able to fine up to €20 million or 4 per cent of annual turnover (whichever is higher)

Are you still holding on to old data?

GDPR requires companies not to hold on to old data for longer than necessary or process it without the user’s consent. You need to be aware of what data you have, why you have it and if it’s no longer needed.

What defines consent?

Consent has got a lot tighter, you can no longer have pre-ticked checkboxes for contact forms & newsletters, no more “small print” under submit buttons. Their now needs to be two unticked checkboxes clearing stating “i DO give permission” & “i do NOT give permission”

Consent is also required for any data you currently hold if you acquired it via pre-ticked checkboxes or any other means.

So how can you get your site ready?

  • GDPR Privacy Policy,

You need to be stating what data you collect, store and how you handle this data. You need to be including any third-party plugins you may be using that stores users personal data (Google Analytics, Facebook Ad’s, Contact Form 7 DB). There are many templates out there which can help and guide you. Privacy policy’s must be written in a simple manor and clearly outline what data you hold, when it’s deleted and how you handle it both online & offline.

  • Audit your site

Go through your site. You need to be making sure any software, platforms, frameworks, plugins are also GDPR compliant. and make reference to their compliancy.

  • OPT-IN Check box with link to Privacy Policy & Terms and conditions on ALL forms before the submit button. for example ….

– i do not want to revice promotial material.

– i do want to receive promotional material

– i agree to the privacy policy (link to privacy policy)

  • Users MUST be able to request their data, we suggest a contact form clearly displayed on the site or your contact details highlighted within your privacy policy.
  • WordPress

If you are using WordPress good news! WordPress if going to be GDPR compliant after 15th May so make sure to update your WordPress install and any other plugins. However, please keep in mind that this is just the core and does not mean the front end is GDPR ready. Most if not all plugins will be revising their privacy policy’s so be sure to update them.

  • If you store customers details in an online database make sure they are fully encrypted and secure and deleted after a certain time frame.
  • Make sure your hosting & site is secure and all plugins, frameworks and systems are up to date.

Of course, this is just a rough overview and GDPR law will change depending on your company and how you deal with data, so we recommend hiring a GDPR Officer to audit your company or contacting a lawyer. Do not take this as legal advice and we cannot be held responsible for any actions or repercussions.

We have put together a list of useful blogs so you can get a better understanding on what GDPR is and how you go about dealing with it.

GDPR for small businesses

ICO – GDPR for Small organisations

ICO – Preparing for GDPR

A handy tool

ICO –Data Protection self-assessment

A tool kit to build a new privacy policy

GDPR – Build your own privacy policy

Privacy template

Website Contracts – Buy a Privacy Policy

GDPR for Woocomerce

12 Step guide for woocommerce

GDPR by Woocomerce

This is our idea of being compliant, we have no legal background and you should contact a lawyer. You also need to be GDPR compliant throughout your whole company, not just online. We take no responsibility regarding GDRP compliant and an audit of your site should be carried out by yourselves, these are simple steps to prepare you for it.

Ready for Brexit? The EU Want’s Your Domain Name!

If you haven’t already heard of Brexit, you’ve been living under a rock. But how does Brexit affect UK site owners? If you are a UK resident and own a .EU domain name it’s time to give it up. The...

Read more
Read More Posts
Local Nuneaton cafe gets new branding, website & logo designed.

Back in 2017 a client of ours became the owner of a local cafe in Attleborough Green, Nuneaton. The well-known,...

Read more
Why have my emails stopped working?

Not receiving emails? Getting a bounce back message? We hate it when this happens, waiting on an important email only...

Read more
Infographic: Why site speed is so important

Faster! Site speed is increasing getting more and more important with search engines ranking sites higher for speed. it's important...

Read more
I've known Daniel for around 20 years and during that time it has been a joy watching his talent grow into his profession. I recently commissioned Daniel to design a logo for my company and was pleased with the design and quality of the logo and constant updates and requests for feedback throughout his creative process.I will definitely look to Daniel for my future design requirements.
Ryan Ward-McConville
Ryan Ward-McConville
11:44 12 Jun 18
AMAZING! Dan is so talented and very patient, He really went above and beyond for me and I'm so incredibly happy with my website. I've already recommended him to another photographer friend of mine!
Helen Norman
Helen Norman
12:52 16 Jun 18
I commissioned Daniel to design my business logo and truly have to say it was a great experience! Daniel was really attentive and came up with numerous designs and amendments until I was happy and I love my logo! I had previously paid for the services of a different web designer in Coventry and was so disappointed with the service, attitude and designs that I walked away! Following my logo I chose Creative Script to design my website. Yet again, Daniel did not disappoint me. We were in regular contact throughout the construction of Valmya and I was able to express my own ideas and any adaptations I wanted to my site. I now have a sophisticated, easy to use branded website. I feel confident in knowing that if I need follow on assistance regardless of my website being complete, I can still email Creative Script and I will get a response quickly! Thank you Daniel!
Valmya Therapeutic Beauty
Valmya Therapeutic Beauty
18:07 18 Feb 18
Dan and the team at Creative Script have helped deliver a great value, high quality website for me at a great price. In addition they helped us with our logo and business card design requirements. I would recommend them to anyone.
Robert Stoubos
Robert Stoubos
18:43 16 Feb 18
Very happy with the services, he is very knowledgeable at what he does , I certainly will have another website off Daniel at some stage, highly recommend you get a website built by this company, thank you again
James Mckay
James Mckay
15:48 26 Feb 18
Great service, easy to communicate with and really takes your ideas on board. Would recommend to anyone.
Brad Morgan
Brad Morgan
11:40 09 Mar 18
Very good company. The team at Creative Script are very talented. They built more than one website for me from absolute scratch. Their prices are on point as well ... great value.
DJ Proclaima
DJ Proclaima
10:21 10 Oct 17
Daniel at Creative Script has helped deliver a great value, high quality website for me at a great price. He helped us with our logo, after a lot of looking around for people to design my website i'm so glad we came across creative script and went with Daniel. very very pleased with the results and great communication through out building the site .highly Recommended.
Martin Casey
Martin Casey
12:10 15 Jul 19
Fast, reliable and professional. Designed my new business logo for me, cannot fault the services CreativeScript provided. Will definitely be using again in the near future
dan wood
dan wood
17:56 22 Aug 19
Created an amazing website for my business. I started receiving organic leads within a month! Would highly recommend.
Deynah Briscoe
Deynah Briscoe
15:59 09 Jan 20
I am now planning my fourth web project and again CreativeScript will be working with us and designing the new site as they have for our others. Very flexible working relationship with milestones delivered on time and within budget.
Jerry Howells
Jerry Howells
21:39 03 Oct 17
I am now planning my fourth web project and again CreativeScript will be working with us and designing the new site as they have for our others. Very flexible working relationship with milestones delivered on time and within budget.
Jerry Howells
Jerry Howells
01:00 05 Oct 17
CreativeScript are very professional and knowledgeable! The website he created for me is absolutely spot on and exactly what I asked for!and the price is amazing!He provides very good after care with your website and never just goes cold on you once he's finished!Will definitely use again!Thank you!
Skyviid Team
Skyviid Team
17:49 08 Sep 20
Excellent service, produced just what we were looking for and were very patient. Would highly recommend!
Noble Kitchens
Noble Kitchens
10:40 03 Feb 21
Helpful from start to finish, talented & made a perfect website 👌🏽 Will recommend to everyone
Karan Kandohla
Karan Kandohla
13:09 03 Feb 21
I've now had two amazing websites by built by Creative Script, and must say they have delivered exactly what I've required on both occasions, first class and very professional, nothing is ever too much trouble, I would highly recommend.
Michael Farquharson
Michael Farquharson
18:03 14 Feb 21
Highly recommend, super helpful with getting my site issues I fixed and always willing to give more time for all the additional questions I had.
Motion Refind
Motion Refind
09:44 20 Mar 21