GDPR finds its teeth
GDPR (the European General Data Protection Regulation) came into force in May 2018 and few have not heard of it by now. This is great news for us as consumers: our personal data (contact information, IP address, name, email and so on) can no longer be kept by companies and used to advertise to us without our knowledge and consent.
It applies to you
For businesses, societies and clubs in West Cork, GDPR can’t be ignored. There are legal implications and potentially large fines (up to 4% of annual turnover) for failures and breaches, and any customer has the right to report you to the regulator. This applies to organisations and societies of any size, and to any amount of data, however small. If you have a website or an online contact form, or keep records of customers’ or members’ information, then you are collecting and storing cookies and personal information, which makes you subject to the General Data Protection Regulation. Here is a summary of what it means, news of breaches and fines, and what you should do to comply with the new law.
Breaches and fines are already happening
For those who thought that the fuss would die down, the opposite is true. In the first full month of GDPR the Irish Data Protection Commission had received over 1,100 complaints of data breaches, of which over 900 were deemed to be valid. These affect small businesses and clubs just as much as large organisations, and the high-profile cases reported in the media show exactly what the issues are. An Post and Harvey Norman have already had to apologise for data breaches: one involved customer details being shared without permission, the other a leak of data via a website.
The internet giants are under scrutiny too. In December 2018 the Irish regulator started an investigation into a breach by Facebook. Facebook disclosed that a bug gave hundreds of apps unauthorised access to photos that users had uploaded but hadn’t made public. Facebook will be held responsible not only for the breach occurring in the first place, but also for failing to disclose the issue promptly within the 72-hour notification window. Under GDPR rules, it could be hit with fines of up to €20m or 4% of global turnover, whichever is higher. In Facebook’s case this has been estimated at €1.6bn.
In January 2019 the French regulator found that Google’s data consent policies weren’t easily accessible or transparent. Google was fined €50 million for the GDPR violation in France, and could now face similar complaints and fines across Europe.
The public wants it
An SAS (business analytics) poll shows that most people now expect companies to demonstrate a concern for security and respect for the storage of their personal data. While the ‘right to access’ (getting a copy of your personal data held by an organisation) topped the SAS poll at 73%, the ‘right to erasure’ is also a priority for 66%. Charles Senabulya, Vice-President, SAS UK and Ireland, says “we are entering a new data era that requires a firm grip of customer data – one that rewards consumers as well as protects their right to privacy.”
What to do?
Responsible businesses have always wanted their customers’ personal information and credit card details to be collected safely via their website. That became a legal necessity with the roll-out of the EU General Data Protection Regulation in May. A thorough review of your data collection and storage is highly recommended, and there are plenty of resources out there to help. A good starting point is the website http://gdprandyou.ie/resources/
For your online presence there are three important things to check:
- A cookie warning and consent notice giving visitors to your website the option to accept or decline the collection of cookies
- A GDPR statement on your website to reassure customers or members that you will collect their information securely and store it safely
- An SSL (https) certificate. Convert your website to https and add an SSL (Secure Sockets Layer, now TLS) certificate to ensure that all data to and from the site is encrypted in transit, and that visitors’ browsers can verify the site’s identity
Over 78% of sites are now protected, and 81 of the top 100 sites on the web use https by default. Google now gives preferential ranking in searches to https sites, and many anti-malware and online security products block or flag insecure (http-only) sites.
The Fastnet Group can test your site for GDPR and Google compliance. We also fit SSL certificates, can convert your site to https and add a cookie consent and GDPR notice. Contact us at www.fastnetgroup.ie or firstname.lastname@example.org