GDPR One Month On – Are You Compliant Yet?
If you haven’t heard of GDPR yet, I’m both jealous and confused as to why you haven’t.
Well, in the past month you may have noticed your inbox being bombarded by thousands of emails from companies you signed up to 20 years ago, letting you know that their policies are being updated. And pretty much every website you go on now has a cookie bar slammed on it somewhere, asking you if you consent to cookies.
Fun stuff, right? Yeah, I thought so too. Well, this is all down to the mad rush of companies trying to become GDPR compliant before the deadline hit. So, where are we one month on?
Bit confuffled on the whole GDPR schtick? Find out more about it here.
Last month’s GDPR-pocalypse was something nobody was really looking forward to. Reviewing all your data, making sure your website is compliant, the whole shebang. So how are we one month on?
Well, for starters, not much has really happened. GDPR is mainly going to be targeted at larger franchises and businesses. Europe-based companies like Volkswagen, Tesco, Vodafone and many others were at much higher risk of being caught out because of the unthinkable amount of data they store, so it makes sense to target them first.
Now, this may seem a little drastic, but it’s definitely necessary. If by chance you do come into the firing range of GDPR, then don’t stress about it too much.
The ICO (Information Commissioner’s Office) will first issue you an audit of all the lovely little things that are wrong with your site. You will then receive a single month to rectify the issues. If these aren’t done, a fine of 4% of your global income will be issued, which, as tempting as it sounds, isn’t actually that great.
So What Can I Do?
“How do I fix my catastrophe of a website?” you ask. Well, there are a few different options. You can put a couple (of thousand) hours of research in, and you can try to go around fixing the site yourself.
However, this is a risky move, as you may devote countless hours to research and still end up without a compliant website. You could throw hours into researching things like cookie policies when, in actual fact, you only need to do a couple of things.
Your second option is to get someone else to do it for you (cough, cough, Bowler Hat, cough). Outsourcing a company to do it for you is naturally going to be more expensive than doing it yourself.
But is it honestly worth the risk? There are thousands of agencies offering you the “premium GDPR audit package”, which is probably going to stress you out because you don’t know which one to choose.
Well, take a look at what they offer. How much do they charge? What does their audit actually cover? If they’re going to charge you a small fortune for a 10-minute audit, then it’s not exactly worth it. But for the ones that have a fair price and well-structured audit (COUGH, COUGH) then it’s definitely worth investing.
What If I Don’t Want A GDPR Audit Thingy?
Well, that’s your funeral. Let’s be real for a second, you should already be compliant in most areas. Simple things like having your data encrypted or simply having a consent button on your contact forms can make a huge difference in both user satisfaction and site security.
In 2012, before GDPR was even a thing, Greater Manchester Police was fined because one of their officers’ USB sticks, containing details of about “1,075 people”, was stolen. Because it wasn’t encrypted, the result was a nifty £120,000 fine. Lesson learned, I suppose.
This kind of stuff should be second nature for both internal and external systems. We have a pretty good blog about making your site secure if you’re looking for somewhere to start.
Tell me, is there a tiny little padlock icon in the URL box of your site? No? Boy, do you have a job to do. As much as you think it’s unlikely to happen, your site can, in fact, be hacked.
According to Google, one of the main things that leaves a site open to being hacked is not enabling HTTPS. Risky business, right? Well, lucky for you (not really), there are loads of other ways that your site can be hacked, meaning all your client data is also at risk.
If you purchased a brand new Ferrari on your debit card today and found out your debit card details and all other details Ferrari had on you had been compromised by a 12-year-old hacker living in the middle of nowhere, you probably wouldn’t be too pleased. That’s why it’s vital that you make sure all your data is secure, no matter what site or company it is.
Now, we’re only one month into the whole GDPR thing. However, this is still vitally important to get sorted ASAP, as your site is still vulnerable to being hacked.
What Do I Do Now?
If you haven’t got the gist yet, I’ll give it to you simply. Get. An. Audit. Here at Bowler Hat, we literally spent days researching GDPR before it came into effect, so we’re pretty caught up on the whole GDPR schtick. Here’s a 2-minute checklist for you to see whether your site is compliant. If it isn’t, please get in touch. It’s for your own good.
- Is your site HTTPS?
- Is there a consent button on any contact forms or newsletter forms notifying the client about what data is being stored when they sign up?
- Do you have a cookie consent bar?
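If you would rather run that checklist against a page’s HTML than eyeball it, here is a small offline checker. This is an added example, not Bowler Hat’s audit tooling, and it assumes two heuristics: a cookie bar is any element whose id or class mentions “cookie”, and a valid consent box is a checkbox inside a form whose name or id mentions consent/GDPR/privacy/agree and is not pre-ticked (a pre-ticked box does not count as freely given consent under GDPR).

```python
"""Runs the three-item checklist above against a page's HTML, offline."""
from html.parser import HTMLParser
from urllib.parse import urlparse

CONSENT_WORDS = ("consent", "gdpr", "privacy", "agree")


class _Scanner(HTMLParser):
    """Records, per <form>, whether it holds an un-ticked consent checkbox,
    and whether any element looks like a cookie bar (id/class mentions 'cookie')."""

    def __init__(self):
        super().__init__()
        self.depth = 0          # nesting depth inside <form>
        self.forms = []         # one flag per form: has a valid consent box?
        self.cookie_bar = False

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "").lower() for k, v in attrs}
        if tag == "form":
            self.depth += 1
            self.forms.append(False)
        elif tag == "input" and self.depth and a.get("type") == "checkbox":
            label = a.get("name", "") + " " + a.get("id", "")
            # A pre-ticked box is not freely given consent, so 'checked' disqualifies it
            if any(w in label for w in CONSENT_WORDS) and "checked" not in a:
                self.forms[-1] = True
        if "cookie" in a.get("id", "") + " " + a.get("class", ""):
            self.cookie_bar = True

    def handle_endtag(self, tag):
        if tag == "form" and self.depth:
            self.depth -= 1


def run_checklist(url, html):
    """Return {check: passed} for the three checklist items."""
    s = _Scanner()
    s.feed(html)
    return {
        "https": urlparse(url).scheme == "https",
        "form_consent": all(s.forms),   # vacuously True when there are no forms
        "cookie_bar": s.cookie_bar,
    }


# Constructed sample: served over HTTPS and has a cookie bar, but the contact
# form pre-ticks its consent box, so the form-consent check fails.
SAMPLE = """<div id="cookie-bar">We use cookies. <button>OK</button></div>
<form action="/contact"><input type="email" name="email">
<input type="checkbox" name="gdpr_consent" checked> I agree to you storing my data</form>"""
```

Calling `run_checklist("https://example.com/", SAMPLE)` flags only the form consent item; any item reported as False is one the post says warrants an audit.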
Any of these missing? If even one of them is, you’re realistically going to need an audit done on your site. Feel free to get in touch to receive your GDPR website audit. We have pretty good experience with it.
What’s The Conclusion?
Well, don’t expect to stop getting the privacy emails you so desperately want to receive, and those funny little cookie bars getting in the way of every site you visit aren’t going to be going away any time soon. However, in relation to you and your website, it’s pretty clear that you NEED to become compliant. And at least now you know what the risks are of not becoming compliant.