Deadline has passed – What now with GDPR?

Its been 6 months since the GDPR deadline, where anyone with a website had to upgrade their site to cover GDPR guidelines or risk heavy fines.
We have heard little news since about compliance, considering the hysteria that was being built up before the May 25 deadline.

The biggest question we got asked was

“If our website (and business) isn’t compliant, would we get a warning and timeframe to get compliant or just a penalty?”

That was an answer that no one knew for sure and evening calling the ICO gave little answers. The result was companies getting compliant to avoid the worst case scenario. Even now over two months later, it is not clear what will happen to websites that are not compliant.

It would be very easy to write a simple piece of software that gives a list of all urls in the UK without an SSL certificate for example, or you can manually visit a website and know immediately what their status is by looking for the Green padlock in the top left of the browser.

The GDPR enforcement affected everyone, whether you ran a simple blog or were a fortune 500 company – anyone with an online presence was expected to make these changes or face heavy penalties.

Indeed, 90% of our clients welcomed us to upgrade their website, which is a time-consuming and costly activity that cannot be done in a day.

Installing an SSL Certificate is at best going to take 3 – 4 days, once you factor in buying the certificate, validating it (This is where you wait 2 days for the certificate to be approved by Comodo) and then installing it on the server and finally on the website.

The other changes like the cookie control pop up, and the 3 privacy documents (Privacy Policy, Cookie Control, Terms and Conditions) can all be completed relatively easily, once you have these documents prepared.

These pages can be linked to from the footer, the cookie control pop up and any online forms.

Finally, any data being sent from an online form requires an opt-in from the user, allowing you to store their details.
Under the new regulations, users need to manually opt-in before they give you their details via an online form. The opt-in should also be accompanied by a Google Captcha for security.

Whilst there are still many websites that have not made these changes, (Its easy to spot the missing Green Padlock and the words ‘Unsecure’ in the top left on any browser) we strongly suggest that you get your website upgraded rather than wait to be contacted.

It is not clear whether fines will be given immediately or whether a warning will be issued first and a timeframe given to get compliant or a direct fine.

As soon as we hear of any individual cases coming to light and the action taken we will let you know.

Until then, if you have the budget to get compliant its really worth doing it now as the regulations will not go away and browsers like Google Chrome are highlighting any websites without an SSL even more prominently with every browser update.