GDPR compliance, data privacy, data security, HIPAA, privacy policy, cookie policy, SOX, data breach protection: the list goes on and on. If you use the internet you can’t escape the unrelenting notifications from just about every service you have ever used, all of them asking you to accept their new privacy terms and cookie policies. These notifications are being driven by the fact that the new General Data Protection Regulation (GDPR) goes into effect on May 25, 2018, and there are some hefty fines for companies that don’t comply with the new regulation.
As a result of all this hustle and bustle around internet and data privacy, you are probably asking yourself: do I need to update our website to comply with GDPR, or do anything else for our business to make sure we are not fined? We hope this plain-language quick guide can help you protect your business, your customers, and your data quickly and easily.
Disclaimer: This is not legal advice! You are responsible for understanding GDPR requirements and for a full understanding please seek legal counsel. Our goal is to be helpful and give a high-level common sense overview of what you need to do to comply with GDPR.
GDPR decision tree for US companies:
Personal Data Definition: Information relating to an identifiable natural person. A person can be identified from information such as name, identification number, location data, online identifier (IP or MAC address), or other specific factors that allow you to determine who they are as a natural person.
What you need to do if you need to comply with GDPR
Standard data and device security measures still apply. These are straightforward, and you should already be doing all of them as part of data breach protection: a password policy, a secure website, updating your website plugins regularly, running anti-malware, and endpoint security for any device that can access business or customer information such as email or company data of any kind. Endpoint security means data encryption, remote wipe, remote lock, password policy enforcement, and the like. For a list of resources please go to our resources page. If you need to install remote wipe for data breach protection and prevention, please sign up for DriveStrike.
New things you need to consider:
- Update your privacy policy. You can copy and edit ours, or go to https://docular.net/ and sign up to use their template. They have free and paid versions; both are good, and you will need to pay attention to detail when selecting specific responses for each clause.
- Create a cookie policy and post it to your site. Here is some sample text you can use: “This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping baskets, and provide anonymized tracking data to third-party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website aboutcookies.org, which offers guidance for all modern browsers.”
- Implement a cookie disclosure notification. Use a notification that website visitors see; you are probably noticing these all over the place these days. If your website runs on WordPress or another template platform, you can install and enable a plugin easily. If your website is custom, you will need to contact your webmaster and ask them to implement a viable solution.
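As an added example for the notification step above (this is not DriveStrike's code or the code of any plugin), here is a minimal consent gate in plain JavaScript. It goes a step further than a pure disclosure banner: third-party analytics scripts are held back until the visitor clicks Accept, and the decision is stored in a first-party cookie with the Secure and SameSite=Lax attributes. The cookie name `cookie_consent` and the analytics script URL are placeholders chosen for the example.

```javascript
// Added example, not DriveStrike's code: a consent gate for third-party trackers.
// Assumptions: the consent choice lives in a first-party cookie named
// "cookie_consent" (placeholder name), and ANALYTICS_SRC is a placeholder URL.

const CONSENT_COOKIE = 'cookie_consent';
const ANALYTICS_SRC = 'https://example.com/analytics.js'; // placeholder, replace with your loader

// Parse a document.cookie-style string ("a=1; b=2") into a name -> value object.
function parseCookies(cookieString) {
  const out = {};
  for (const part of cookieString.split(';')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;
    const name = part.slice(0, idx).trim();
    const value = part.slice(idx + 1).trim();
    if (name) out[name] = decodeURIComponent(value);
  }
  return out;
}

// Returns 'accepted', 'declined', or null when the visitor has not decided yet.
function consentState(cookieString) {
  const v = parseCookies(cookieString)[CONSENT_COOKIE];
  return v === 'accepted' || v === 'declined' ? v : null;
}

// Build the value assigned to document.cookie when recording a choice.
// First-party, one-year lifetime, Secure (HTTPS only), SameSite=Lax.
// Not HttpOnly, because the page script itself has to write and read it.
function consentCookieValue(choice, maxAgeSeconds = 365 * 24 * 3600) {
  if (choice !== 'accepted' && choice !== 'declined') throw new Error('invalid consent choice');
  return `${CONSENT_COOKIE}=${choice}; Max-Age=${maxAgeSeconds}; Path=/; SameSite=Lax; Secure`;
}

// Given the current cookie string, return the tracker URLs that may be loaded.
// Nothing is loaded unless consent was explicitly given.
function scriptsToLoad(cookieString, trackers) {
  return consentState(cookieString) === 'accepted' ? trackers.slice() : [];
}

// Browser-only wiring: show a banner until a decision exists, then act on it.
function initConsentBanner(trackers) {
  if (typeof document === 'undefined') return; // not running in a browser
  const loadPermitted = () => {
    for (const src of scriptsToLoad(document.cookie, trackers)) {
      const s = document.createElement('script');
      s.src = src;
      s.async = true;
      document.head.appendChild(s);
    }
  };
  if (consentState(document.cookie) !== null) { loadPermitted(); return; }
  const banner = document.createElement('div');
  banner.textContent = 'This site uses cookies. See our cookie policy. ';
  for (const choice of ['accepted', 'declined']) {
    const btn = document.createElement('button');
    btn.textContent = choice === 'accepted' ? 'Accept' : 'Decline';
    btn.addEventListener('click', () => {
      document.cookie = consentCookieValue(choice);
      banner.remove();
      loadPermitted();
    });
    banner.appendChild(btn);
  }
  document.body.appendChild(banner);
}

initConsentBanner([ANALYTICS_SRC]);
```

Include the script on every page before any analytics tag so the tag is only ever injected through `scriptsToLoad`; a "Decline" choice is remembered just like "Accept", so the visitor is not asked again on every page view.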
For detailed information on GDPR you should visit:
https://ico.org.uk/media/about-the-ico/consultations/2014789/draft-gdpr-contracts-guidance-v1-for-consultation-september-2017.pdf
https://gdpr-info.eu/
https://www.gdpreu.org/
Please let us know how we can help you protect your data and devices. DriveStrike is the best available data and device security solution on the market. We aim to help you protect against data breach and empower you to manage your data breach risk from endpoint mobile device compromise. DriveStrike remote wipe is an inexpensive, secure platform that supports remotely wiping lost or stolen laptops, iPhones, Android devices, and tablets running Windows, macOS, iOS, and Linux. Sign up for DriveStrike and start your free trial; while we do require that you enter your credit card information, we do not charge you until after the trial period.
If you have further needs in securing your data and devices please feel free to contact us.