LATER THIS MONTH NEW EUROPEAN GDPR REGULATIONS COME INTO FORCE, WHICH WILL AFFECT THE WAY THAT YOU STORE AND PROCESS THE PERSONAL DATA OF EU CITIZENS. TO BE COMPLIANT THERE ARE SOME IMPORTANT CHANGES THAT YOU’LL NEED TO MAKE TO YOUR WEBSITE.

Let’s start by reminding ourselves what GDPR is all about…

The EU’s General Data Protection Regulation (GDPR) is designed to give people more control over how organisations use their data. The regulations overlap with the Privacy and Electronic Communications Regulations (PECR), which cover the use of cookies and electronic marketing communications, e.g. email. The legislation affects any company that stores and processes the data of EU citizens. Each EU country has a different body overseeing compliance. In the UK, GDPR will replace the Data Protection Act 1998 and will be enforced by the Information Commissioner’s Office (ICO), which has powers to impose hefty penalties of up to €20 million or 4% of annual turnover (whichever is higher) on organisations that fail to comply with the rules. The fines also extend to organisations that suffer serious data breaches.

GDPR doesn’t just affect large companies. If you have a website or hold any personally identifiable information (including names, email addresses, phone numbers etc.) for your clients, suppliers, partners and/or employees located within the EU, you have to be compliant. GDPR does not apply to non-personal or commercial data, e.g. sales@ email addresses.

In a nutshell it means you have an obligation to:

  • Be clear about the lawful basis upon which you are storing or processing the personal data of EU citizens and only use it for the purpose for which consent was given. There are 6 types of lawful basis (consent, contract, legal obligation, vital interests, public task or legitimate interest).
  • If you don’t have a lawful basis upon which to store and process personal data, you will no longer have the right to use it after 25th May 2018 and the data should be erased.
  • Ensure you get (or, in the case of older data, have) agreement, in a GDPR-compliant format, from the EU individual for you to store the data, and communicate (via privacy notices and help text) how you will process the data collected, including the rights of the individual to access, remediate or erase the data.
  • If you are collecting personal data for more than one purpose, gain separate consent (unbundled and freely given) for each purpose and have a clear, auditable process for recording (and storing) the date and method of consent.
  • Only hold the data you actually need and only store it for as long as you need it.
  • Keep the information secure and, in the event of a serious data breach, notify the ICO (or the applicable body in other EU countries) within 72 hours.
  • If you process the data of under-18s, have systems in place to verify individuals’ ages and obtain parental or guardian consent for any data processing activity involving individuals under the digital age of consent (in the UK the digital age of consent is 13 years old; in other EU countries it is 16).

For the purpose of this article we have focused on the implications of GDPR for your website. Please be aware that you probably also store and process personal data in places other than your website, such as your email marketing software, CRM software, accounting software, payroll software, in offline printed formats and more. We strongly recommend that you familiarise yourself with your obligations under GDPR for data held elsewhere.

Let’s get started!
