My Dearest Valued Customers,


The internet is constantly changing.  Because of this, at World Wide Web Designers Inc., we are constantly researching and learning along with our daily work, to stay on top of current design trends, upcoming regulations, and new software to make your website the best it can be.

 Huge changes are happening right now that affect your website

The European Union (EU) has adopted a set of rules for personal data called the General Data Protection Regulation, or GDPR.  The primary aim of the GDPR is to give people in the EU control over their data.  The GDPR holds every organisation that processes such data accountable: you must put security measures in place and keep them current, offer data portability, update your terms and conditions and privacy policy, and secure every system within your business that holds personal customer data.

The main points of this 100-page legislation (with all the details here: GDPR portal) are outlined here:

1. Consent – Everyone whose data you collect on the basis of consent must actively agree to it, and consent is only one of the lawful bases the GDPR recognises (performing a contract or pursuing a legitimate interest are others; in every case you must be able to show which one applies). This doesn’t just apply to data gathered via forms but also to data picked up in the background, such as IP addresses, when it can be used to identify an individual. And you must be transparent about how the data is processed and used.

2. The Right to Access – Individuals have the right to access their data and to obtain a copy of it.

3. The Right to Be Forgotten – Individuals have the right to have their data erased.

4. Privacy by Design – Build the protection of customers’ personal data into every part of your business that touches it, rather than bolting it on afterwards.

Because your website is reachable from anywhere in the world and may collect data from people in the EU, you must comply with these standards (the GDPR protects anyone located in the EU, not only EU citizens).  These are good practices to have in place whether the EU required them or not.  They require us to keep customer data private, and they require you to notify the relevant supervisory authority within 72 hours of becoming aware of a personal data breach (Article 33) and, where the breach is likely to put the people affected at high risk, to inform those people without undue delay (Article 34).

If you do not follow the GDPR, you can be held liable for the data that is lost and fined up to 20 million Euros or 4% of your total worldwide annual turnover, whichever is higher (a lower tier of 10 million Euros or 2% applies to less serious infringements).


What Is Required Of World Wide Web Designers


We maintain your website.  We consistently update your WordPress core and maintain up-to-date versions of all active plugins.  We already provide multiple security measures to ensure the safety of customer information on every site that we build and host.

 If your site was custom-themed by World Wide Web Designers, we’ve already taken the time to make your theme’s code GDPR compliant.  We will ensure that the plugins that we use to build your site are also GDPR compliant, and if they aren’t, offer alternatives to you.

If you already have an SSL certificate installed (strictly a TLS certificate; the older name has stuck), we renew it yearly so that it stays valid.  It protects customer data while it is in transit between the visitor’s browser and our web server.  Note that the “2048-bit” figure describes the RSA key in the certificate, not the strength of the connection: once the TLS handshake completes, the session traffic is encrypted with a symmetric cipher such as AES.  The certificate covers the transit leg only; data stored on the server or in the database is protected by separate measures.

We will be removing ourselves from the CC and BCC recipients of all emails sent from our clients’ websites.  If we accidentally receive an email from your site (due to a misconfiguration or otherwise), it will be promptly deleted to keep your customers’ data safe.  So please test all your forms to make sure you are receiving submissions, as we are removing ourselves from all admin email settings on May 25th, 2018.

We keep a close eye on all our databases and will notify you within 24 hours in the event of any security breach, whether in customer data or in your website’s files.  We will actively work with you and/or your Data Protection Officer to provide the information you need for your own notifications.

Conglomerates with MILLIONS of dollars’ worth of security still get breached: Equifax, eBay, Yahoo, Target, and Adobe, to name a few.  So, while no site is ever 100% secure (and the value of some of the data, such as names, addresses, and email addresses, is arguable, although all of it still counts as personal data under the GDPR), World Wide Web Designers takes as many extra steps as possible to maintain your site’s stability and security 24/7.


If you would like us to make your website GDPR compliant, we will have to audit your site first, as each business is unique and the compliance updates will vary from site to site.


What is Required Of You

 We do not own your website – you do.  It is your responsibility as the owner of your site, to ensure your site is GDPR compliant.  Of course, we will assist you in any way we can to make your website compliant, but this is not a complimentary service.  All updates made to any website (forms, privacy policies, etc.) for GDPR compliance will be billable at our usual hourly rate.

It is HIGHLY recommended, if you do not yet have an SSL certificate on your site, to add one immediately.  An SSL certificate (strictly a TLS certificate) is what lets the browser establish an encrypted HTTPS connection, so your customers’ information is protected while it travels from their browser to your web server.  It does not, by itself, protect that data once it is stored in your database; that takes separate controls such as access restrictions, patching, and backups.  World Wide Web Designers will renew your certificate yearly.  A valid certificate keeps customer data safe in transit, and running a site that collects personal data over plain HTTP may be considered a failure to take appropriate technical measures under the GDPR (Article 32).

 A Checklist To Get Started

☐ Determine what personal information you have, where it came from, and who you share it with

☐ Review and update your Privacy Policy to adhere to new GDPR regulations (see below for important info to include in your privacy policy)

☐ Implement a plan for how you will delete personal data, enable updating, or provide it in a commonly used format upon request.

☐ Ensure that you obtain and record consent for every collection and use of personal data. You can no longer use pre-ticked boxes to opt in or default to acceptance of policies.

☐ Update all forms with statements as to why you are collecting the data and how you will use it.

☐ If you send email marketing, include information on why you’re emailing them and how you got their data. Use double opt-in (a confirmation link the subscriber must click before any marketing is sent) so that you can demonstrate informed consent for every address on your list; the GDPR does not name double opt-in, but it does require you to be able to prove consent, and a confirmed sign-up is the standard evidence.

☐ Plan for and document how you will detect, respond to, and report a personal data breach.

☐ Familiarize yourself with data protection by design practices and work out how to implement these principles for your site.

☐ Consider designating an official data protection officer (DPO). Some organizations are required to designate a DPO, but for others, it’s optional yet recommended.

☐ For eCommerce websites: If you will be using data obtained in the sales process for other purposes, such as emailing recommendations or special offers, state this when collecting the data and give people the option to opt out.

☐ For eCommerce websites: If possible, avoid collecting financial data yourself and use a third-party service such as Stripe or PayPal to take payments, so that card numbers never reach your server.

☐ For eCommerce websites: Add an easily accessed ‘My Account’ page on your website where people can view, correct, and delete their data if they desire.
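The consent, “no pre-ticked boxes”, and double opt-in items above describe a flow rather than code. The following is an added example, not code from World Wide Web Designers or from any WordPress plugin: it shows a newsletter sign-up that rejects a submission unless the opt-in box (unchecked by default) was ticked, issues a single-use, time-limited confirmation token, and keeps an append-only consent record (who, when, which form, which policy version, and a hash of the exact wording shown) that can later answer an access request or a withdrawal. The dictionary and list standing in for database tables, the policy version, the consent wording, and the timestamps are all constructed for illustration.

```python
"""Double opt-in with a durable consent record (added example, not the agency's code).

Assumptions: an in-memory dict and list stand in for database tables, and the
form fields, policy version, consent wording and timestamps are constructed samples.
"""
import hashlib
import secrets
import time
from typing import Optional

TOKEN_TTL_SECONDS = 48 * 3600          # how long the emailed confirmation link stays valid
PRIVACY_POLICY_VERSION = "2018-05-25"  # constructed: identifies the policy text the user saw
CONSENT_TEXT = ("Yes, email me product news and offers. "
                "I have read the privacy policy.")  # constructed: exact wording next to the box

pending = {}      # token -> unconfirmed signup (stand-in for a DB table)
consent_log = []  # append-only evidence: one row per grant or withdrawal


def _fingerprint(text: str) -> str:
    """Hash of the exact wording shown, so the record proves what was agreed to."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def handle_signup(form: dict, now: Optional[float] = None) -> Optional[str]:
    """Stage 1: the form posts. The opt-in box is unchecked by default and must be
    explicitly ticked; an absent field means 'no consent', never 'yes'.
    Returns the single-use token to put in the confirmation email, or None."""
    now = time.time() if now is None else now
    if form.get("marketing_optin") != "on":
        return None
    email = (form.get("email") or "").strip().lower()
    if not email:
        return None
    token = secrets.token_urlsafe(32)      # unguessable, stored server-side only
    pending[token] = {
        "email": email,
        "requested_at": now,
        "purpose": "email marketing",      # the purpose stated on the form itself
        "source": form.get("_form_id", "newsletter"),
        "policy_version": PRIVACY_POLICY_VERSION,
        "consent_text_sha256": _fingerprint(CONSENT_TEXT),
    }
    return token


def confirm(token: str, now: Optional[float] = None) -> bool:
    """Stage 2: the subscriber clicks the emailed link. This step proves that the
    owner of the address (not just whoever typed it) gave consent."""
    now = time.time() if now is None else now
    record = pending.pop(token, None)      # pop: the token is single-use
    if record is None:
        return False
    if now - record["requested_at"] > TOKEN_TTL_SECONDS:
        return False                       # stale link: the user must sign up again
    record["confirmed_at"] = now
    record["status"] = "granted"
    consent_log.append(record)
    return True


def has_consent(email: str) -> bool:
    """Current state is the latest log row for this address."""
    email = email.strip().lower()
    rows = [r for r in consent_log if r["email"] == email]
    return bool(rows) and rows[-1]["status"] == "granted"


def withdraw(email: str, now: Optional[float] = None) -> bool:
    """Withdrawing must be as easy as consenting. Log the withdrawal instead of
    deleting the grant, so the history stays auditable."""
    now = time.time() if now is None else now
    email = email.strip().lower()
    if not has_consent(email):
        return False
    consent_log.append({"email": email, "status": "withdrawn",
                        "at": now, "purpose": "email marketing"})
    return True


def consent_history(email: str) -> list:
    """What you hand over for a subject access request: every consent row."""
    email = email.strip().lower()
    return [dict(r) for r in consent_log if r["email"] == email]


if __name__ == "__main__":
    t0 = 1_527_206_400.0  # 2018-05-25 00:00 UTC, constructed timestamp
    tok = handle_signup({"email": "demo@example.com", "marketing_optin": "on"}, now=t0)
    confirm(tok, now=t0 + 600)
    print(consent_history("demo@example.com"))
```

The record deliberately stores a hash of the wording rather than the wording itself, so a later change to the checkbox text cannot silently rewrite what earlier subscribers agreed to; keep each historical version of the text alongside its hash.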


Important Information to Include In Your Privacy Policy

You must include a privacy policy on your website with details of the data you process and hold, what you do with it, whether you share it, how people can access their data and how they can delete it or have it deleted. (I cannot write a privacy policy or terms and conditions for your company and it is not recommended to use a free template/builder.)  I do not know how you handle your clients’ information outside of the website we built for you.  But the GDPR applies to your non-website data as well.  Be sure to stay compliant on all your platforms that sensitive/personal customer data may occupy.

Your privacy policy MUST also state what happens in the event of a breach.  This does not just apply to your website.  What happens if someone hacks your business computer? What if someone steals your customer information from your accounting software?

Be sure to include these bullets about your website in your privacy policy.

  • We use cookies on all of our sites to personalize the user experience, to improve the website, improve customer service, help remember and process cart items, save user preferences, and to compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services to track this information on our behalf.
  • If you turn off cookies, it may affect your user experience as some of the features of the site will be disabled.
  • We don’t use analytics software to track individual data. We keep your reporting and analytics to the level of anonymous group data. We don’t use analytics software to track IP addresses.
  • We do not store ANY credit card information, social security numbers, or other confidential information. All payment processes happen on third party services.
  • Google Fonts and Google Maps send a visitor’s IP address to Google when they load, and Google Maps sets cookies.
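The IP-address point in the list above, and earlier under Consent (an IP address is personal data when it can single out a visitor), is usually handled by truncating the address before it is stored anywhere. The code below is an added example, not the agency’s code or any analytics vendor’s: it zeroes the host part of an IPv4 address (the last 8 bits) and the lower 80 bits of an IPv6 address, the granularity common analytics tools use for “IP anonymisation”, unwraps IPv4-mapped IPv6 addresses so they are truncated like IPv4 instead of being wiped to `::`, and applies the same rule to web-server access-log lines. The log lines are constructed samples.

```python
"""Truncate visitor IP addresses before storage (added example, not the agency's code).

Assumptions: access logs are in the common/combined format where the client
address is the first field; the sample lines below are constructed.
"""
import ipaddress
import re

IPV4_KEEP_BITS = 24   # keep the /24 network, zero the host octet
IPV6_KEEP_BITS = 48   # keep the /48 prefix, zero the lower 80 bits
UNKNOWN = "-"         # stored in place of anything that is not a valid address


def anonymize_ip(addr: str) -> str:
    """Return the address with its identifying low-order bits zeroed."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return UNKNOWN                       # never store unparseable input as-is
    # "::ffff:198.51.100.7" is an IPv4 address in IPv6 clothing; truncating it
    # as IPv6 would zero everything, so unwrap it and treat it as IPv4.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    keep = IPV4_KEEP_BITS if ip.version == 4 else IPV6_KEEP_BITS
    net = ipaddress.ip_network(f"{ip}/{keep}", strict=False)
    return str(net.network_address)


# Client address is the first whitespace-delimited field of a combined-format line.
# Behind a reverse proxy that field is the proxy; scrub X-Forwarded-For instead.
_LEADING_FIELD = re.compile(r"^(\S+)(?=\s)")


def scrub_log_line(line: str) -> str:
    """Replace the leading client address with its truncated form."""
    return _LEADING_FIELD.sub(lambda m: anonymize_ip(m.group(1)), line, count=1)


def scrub_log(lines):
    """Scrub a whole log; returns a new list so the original can be discarded."""
    return [scrub_log_line(line) for line in lines]


# Constructed sample access-log lines (documentation-range addresses).
SAMPLE_LOG = [
    '203.0.113.45 - - [25/May/2018:10:12:01 +0000] "GET /contact HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '2001:db8:85a3:1234:5678:8a2e:370:7334 - - [25/May/2018:10:12:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 87 "-" "Mozilla/5.0"',
    '::ffff:198.51.100.7 - - [25/May/2018:10:12:09 +0000] "GET /wp-login.php HTTP/1.1" 302 0 "-" "curl/7.58.0"',
]

if __name__ == "__main__":
    for line in scrub_log(SAMPLE_LOG):
        print(line)
```

Truncation is not the same as deletion: a /24 still narrows a visitor down to a neighbourhood or an office, so apply it at the point of collection and keep the raw address out of analytics, backups, and support tickets alike.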


I would like to summarize by saying that I am not a lawyer nor a GDPR compliance expert.  To be 100% sure that you are compliant I recommend having your site audited by a security professional and/or a lawyer if you are concerned in any way about liability due to GDPR and security compliance regulations.  We do our best to make everything we do GDPR compliant and secure.  But you should always get outside legal counsel. We shall not be held accountable for anything that isn’t compliant with government regulations or privacy.

I know none of us got into the online industry, or started our online businesses, because we wanted to deal with data legislation, but we cannot bury our heads in the sand over something this important.  While this is news to a lot of us in the US, the regulation was adopted over two years ago and it goes into effect May 25th, so compliance measures must be taken as soon as you can to avoid the harsh penalties of the EU.

Lastly, DON’T PANIC!  About 65% of businesses aren’t ready for the compliance requirements on May 25th.  From what I read, if you are taking steps to get to 100% compliance, the EU will be forgiving.  A lot of my clients already have many of these security features in place, such as opt-in checkboxes, double opt-in emails, updated privacy policies, and security certificates.  But if you do not have security measures in place, please take the time to consider the safety of your visitors’ and customers’ data.

Please do not hesitate to call or email with any questions you may have.


All My Best,

Dan Kwarcinski

Owner, Designer, Developer – World Wide Web Designer, Inc.
847-345-3452


Resources: