How safe is your website's data? Are you GDPR compliant?
Your website's data: here's what you need to know…
How to Protect Your Website's Data
As technology becomes even more prevalent, data and website protection must be adjusted to prevent our personal data from falling into the wrong hands. One way to overcome this is to implement an appropriate website security plan, which involves understanding the different threats and how they could affect your site, as well as taking the necessary steps to safeguard your data against different types of attack.
Understand the Risks Facing Your Website
Behind the scenes, your website is nothing more than folders holding individual files. Depending on the complexity of your site, it may also involve databases storing your data and your customers’ information.
This type of data is a frequent target of hacking attempts. Such attacks are often not intended to spread malware or other viruses at all, but to capture the personal data that customers have stored in your website's databases. Protecting their data, as well as your site's code, is vital to your business's reputation and, ultimately, its performance.
What Type of Data Your Website is Storing
Now that you have a good idea what you’re up against, it’s important that you take the time to fully understand what types of data your website is storing so that you can come up with a plan to protect this information.
First, there’s the data associated with your website itself: the code files and databases we mentioned earlier that are necessary to its operation.
However, you may also have any of the following types of customer data stored within your server or hosting account:
- Newsletter subscriber opt-in information, including name, email address and/or segmentation data
- Customer data, including all of the above, alongside purchase data, payment methods and other profile information (such as passwords and preferences)
- Browsing data, tracking who has visited your site and what activities they’ve undertaken
In some cases, this information may be stored within a third-party tool that communicates with your website; for instance, an email newsletter management service like Mailchimp or a CRM that gathers subscriber data but stores it externally on its own servers. Though you'll need to take fewer steps to protect this data, it's still important to understand where it exists and what steps you need to take to ensure the data is safe and kept in compliance with the GDPR.
If you aren’t clear on what types of data exist on or are captured by your website, your hosting provider may be able to help. You can also get a good idea by walking through common activities on your site and making a note of any place where you’re asked to provide personal information.
Minimize Unnecessary Data Collection
Storing some data is unavoidable; after all, your website is made of data.
That said, there may be areas on your site where your pages are capturing unnecessary information from your visitors. Take your email opt-in form, for example. Including extra fields that provide some additional information but aren’t necessary to your ability to deliver the promised content not only means you have extra data that must be protected – it could also be a liability when conforming to GDPR.
Consider carefully whether every field you require users to fill out is necessary. If there isn't a solid business case for a field's inclusion, delete it.
“Remember, data is a liability to you so, unless you need to keep the data, we recommend deleting it.”
Protecting Your External Data
In addition to securing the data hosted within your website or on your hosting account or server, you’ll want to consider how any data you store with third-party tool providers is protected.
For instance, take the email subscriber data referenced earlier. If you use a tool like Mailchimp, you’re relying on these providers to protect the information your followers, subscribers and customers have entrusted to you – even though you don’t directly control the storage of this data.
Whenever you plan to use a third-party tool to store some of your website or business data, it’s best to ask the following questions:
- How will the provider protect my data?
- Are they GDPR compliant?
- Has the provider been subject to past hacking attempts (and, if so, what was their response)?
Performing this analysis should help you to identify any possible red flags that might indicate you should work with another provider.
When it comes to new website data protection laws, you can't be too safe. Understanding the full scope of the risks is the key to creating a security plan that'll keep you and your business's data safe.
Under the GDPR a data subject has the right to erasure of their data. This means that if an individual asks you to remove their data from your systems, you have to comply. This includes removing it from all backups, removing all references to it, and so on.
Another significant part of the GDPR is the idea that digital systems include privacy by design and privacy by default. Put simply, a user's privacy should be fully considered at the very core of any digital system. By default, privacy settings should be set to their highest level, with the user given the option to downgrade them if they choose to. Data should also only be processed when absolutely necessary.
The maximum sanction for non-compliance with the GDPR is 20,000,000 Euros or up to 4% of your annual worldwide turnover (based on figures from the preceding financial year), whichever is the greater.
Read "GDPR is here!" to find out more.
How Can You Make Your Website GDPR Compliant?
Now that you know how to protect your website's data and what data you are storing, you can set up a data audit. A personal data audit will help you to identify all of your data processors. List them all, marking each with either a 1 or a 3, to help you track which are first-party and which are third-party data processors.
For each data processor consider the following:
- What are you using the data for?
- Where is the data being stored?
- Do you still need the data?
For each of the third-party data processors, check their respective privacy policies and make sure that they are GDPR compliant.
During your personal data audit any weaker parts of your website should come to light. An example could be a non-compliant third party data processor. Other examples could be unencrypted email accounts or website traffic. Another example might be contact form submissions that have been saved to your website’s database.
At its core, the GDPR is about protecting businesses' and customers' data online. Read the GDPR documentation.
Is your business website compliant?
If you have a new website or systems development in mind or would like our help with an existing project, then contact our friendly team on 01724 376002 or email [email protected] and see how we will make your system compliant, efficient and effective.