What you need to know about the General Data Protection Legislation (GDPR) – Website Security

As of May 2018, a new European Union (EU) regulation came into effect called the General Data Protection Legislation (GDPR). This regulation pertains to any company which processes the personally identifiable information (PII) of EU citizens. This data is not limited to sensitive PII such as social security numbers, and includes such basic information as name, phone number, and email address. It is also not limited by the size or physical location of the organization, or by the permanent or temporary residence of the EU citizen. Anyone who collects and stores PII for EU citizens is subject to this regulation. We advise anyone who has a website to review the regulation with their legal team to ensure that they are compliant.

GDPwhat? Big Picture

In a nutshell, the regulation adds additional protection to PII for all EU citizens, regardless of their physical location or the location of the organization they are sharing their data with (website or otherwise). The regulation outlines what is protected and the requirements for data handling, and prescribes greater fines than in the past for non-compliance.

What to know about the GDPR

There are an abundance of resources available for GDPR which we recommend reviewing, but the key items to keep in mind are the following:

  • PII must be collected in a legal, fair, and transparent manner. It shouldn’t be used in any way that wouldn’t reasonably be expected, and furthermore it should always be clearly communicated to the user how the data will be used.
  • PII must be kept up to date to ensure accuracy, and should not be retained for any longer than necessary to fulfill its intended purpose.
  • PII must be accessible to EU citizens at any time in the form of a copy, and they have the right to edit, delete, or move their data at any time.
  • PII must be stored in a secure manner.

How to ensure compliance with the GDPR

As mentioned above, GDPR is ultimately a legal matter, and as such any organization working towards compliance should first and foremost work with their legal team to understand the regulation in full and how it applies to their particular relationship with customers’ PII. The following should therefore only act as general information to help you understand what steps might be required.

  • The first step for any organization should be to perform a full audit of what customer data they currently store and collect, as well as its purpose and ability to be accessed, edited, and deleted by customers.
  • Review how consent has been obtained and documented for the storage and use of customer data. Consent should be stored alongside the customer data, and should be provided by the customer in an affirmative way (i.e., pre-checked boxes are no good here). In addition, the use of the information must be presented clearly to the customer upon granting consent.
  • Make sure you have a clearly visible privacy policy in place that complies with the GDPR.
  • Privacy by design:  All systems on your website should be built with customer privacy in mind, and specifically in consideration of the GDPR.
  • You should establish a clear set of data breach procedures.  In general, the GDPR requires organizations to report data breaches within 72 hours of detection.
  • Make sure you are fully aware of any third-party providers who store or collect PII on your behalf. This includes mailing lists such as MailChimp and payment processors such as authorize.net. Communicate with these service providers to ensure that they are managing any stored PII for your customers appropriately.

We’re a small US based company who only does business locally. Why worry?

We often have clients who feel they are exempt from the privacy considerations covered by the GDPR on the basis of one of the following excuses:

  • We only have 5 employees. It doesn’t matter what size the organization is – the GDPR applies to anyone who handles the PII of EU citizens.
  • We’re a US based company. As stated above, it does not matter where you are based; if you handle EU citizens’ data, you are subject to the GDPR.
  • We only take orders from US addresses. There are many EU citizens living in the United States, and their privacy rights are protected under the GDPR no matter where they reside and no matter who they do business with. Don’t assume that just because you only do business in the United States, you are not interacting with EU citizens.

Even if you are 100% sure that you have no interaction with EU citizens as part of your data collection and storage, rather than ignoring the regulation altogether, you’d be wise to follow its principles so as to be a better steward of your customers’ data. Also, it’s likely more a matter of when than a matter of if such a regulation will come into effect in the United States.

How can we help?

If you are currently on a maintenance plan with us and we haven’t touched base with you already, we will be in contact soon with any further specific guidance and recommendations. If you are not currently taking advantage of our maintenance plan service, we encourage you to consider signing up to ensure that your website is kept updated, secure, and compatible with the latest web technologies. You can read more about our plan here: https://www.watermelonwebworks.com/web-services/website-maintenance/. While GDPR compliance is something you should work closely with your legal team on, we certainly are here to help answer any questions, as well as to work hand in hand with you on implementing technical solutions to ensure compliance.

Resources

  • Official regulation website
  • Full text of regulation
  • eugdpr.org
  • ZDNet Executive Guide
