How to make my website GDPR compliant?

What is the GDPR?

The General Data Protection Regulation (GDPR) is a new law adopted by the
European Parliament and will be applicable by 25th of May. The main aim of this
law is to protect users' personal data and to ensure the privacy of EU citizens
in transactions.

Why is GDPR needed?

In one line, it is needed to enhance the protection of EU citizens' personal
data. It will be implemented and is an essential step to strengthen EU
citizens' fundamental rights in the digital age. It expands individuals'
control over how their personal information is collected and processed.

GDPR compliance is not just a matter of reviewing a few terms and ticking a few
boxes. It requires protection in a real sense, and you need to follow data
protection principles. To avoid a huge fine and reputational damage, all
companies and vendors need to comply with the GDPR.

In the worst-case scenario, the fines for non-compliance are up to €20 million,
or 4% of your global turnover, whichever is greater.

The key factors of the GDPR:

It basically applies to personal data that is saved in a company database,
directly or indirectly, which may be:

  • Name
  • Address
  • Email address
  • Photo
  • IP address
  • Location data
  • Any documents submitted by an individual

Which types of companies come under GDPR compliance?

Any company, whether it has more or fewer than 250 employees, that stores or
processes personal information about EU citizens must comply with GDPR.

How to make my website GDPR compliant?

This is an important question, as organizations that run websites and apps will
also be affected by this law. Below are a few major areas of a website that a
website owner needs to take care of:

1) If you are storing customers' data while selling products.

2) A website that has an area where customers log in and register their
information.

3) A website that collects subscribers and data from newsletters.

4) Any type of data submitted through a simple contact form or for any
enquiry.

5) Any type of address, personal data, credit card info or anything else.

These are a few major areas where a website owner needs to take care.

Now the solution: the first thing you need is an SSL certificate. If you are
collecting payments on your website, then SSL is a must-have.

Another important point: websites that use HTTPS send data over an encrypted
connection, so you could say that because the website has an SSL certificate
you have GDPR compliance. But the data in the database itself is not stored
encrypted, so if the database was breached or hacked, the personal data would
still be exposed.

Another useful option is to encrypt the data itself. Data submitted through any
form and stored in the database can be encrypted. With this, it doesn't matter
if someone gains access to your database, because they will not be able to read
the records.
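
As an added example (not code from this article or from any CMS named here), the sketch below encrypts each personal field of a form submission with AES-256-GCM before the row is stored, using Node.js's built-in crypto module. The function names and the sample form are hypothetical, and it assumes the key is kept outside the database (a secret store or environment variable), since a key stored beside the data would be exposed in the same breach.

```javascript
const crypto = require("node:crypto");

// Assumption: in production the 32-byte key is loaded from a secret store or
// environment variable, never from the database. Generated here for the demo.
const KEY = crypto.randomBytes(32);

// Encrypt one field with AES-256-GCM. The column name is bound in as
// associated data, so a ciphertext copied into another column will not decrypt.
function encryptField(key, column, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every stored value
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(column, "utf8"));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  // Stored format: iv (12 bytes) || auth tag (16 bytes) || ciphertext, as base64
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
}

// Decrypt a stored value; throws if the key, column or ciphertext is wrong.
function decryptField(key, column, stored) {
  const raw = Buffer.from(stored, "base64");
  if (raw.length < 28) throw new Error("stored value too short");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(column, "utf8"));
  decipher.setAuthTag(raw.subarray(12, 28));
  const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return pt.toString("utf8");
}

// Build the row to store: every listed personal column is encrypted.
function encryptRow(key, form, personalColumns) {
  const row = { ...form };
  for (const col of personalColumns) {
    row[col] = encryptField(key, col, String(form[col]));
  }
  return row;
}

// Constructed sample submission from a contact form.
const form = { name: "Jane Example", email: "jane@example.com", message: "Please call me" };
const row = encryptRow(KEY, form, ["name", "email", "message"]);
console.log(row);                                   // what the database would hold
console.log(decryptField(KEY, "email", row.email)); // readable only with the key
```

Encrypted columns can no longer be searched or sorted by the database, so fields that must be looked up (for example, email at login) need a separate keyed hash column or a different design.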

How can Freelancergurus help you?

We can assist you with both types of solution, from installing HTTPS to
encrypting your customers' data. Whether your website runs on a CMS (WordPress,
Drupal, Joomla or anything else) or on a framework like Laravel, CakePHP or
anything else, we can help in all scenarios and protect your customers' data.

Please drop us a line and we will get back to you ASAP.