Our £9 offer – Make your Website GDPR-Ready

Let’s make your website GDPR-ready.

Are you a small business consultancy looking to gain GDPR compliance for your website? Look no further than our new £9 offer, designed to help you navigate the complex world of GDPR requirements and make your website GDPR-ready.

Section 1: Website walkthrough

At the heart of GDPR compliance is the need to protect user data. This includes collecting user consent for data collection and providing clear and concise privacy policies. In Lesson 1, “What to look for on a website to make GDPR compliant,” we break down the key elements contributing to your website’s compliance.

We’ll start by helping you understand what personal data is and what it isn’t. From there, we’ll explore the different data collection practices, including cookies, analytics, and user input forms. We’ll also cover the importance of privacy policies and how to ensure that they meet GDPR requirements.

Lesson 2: Website checklist

Now that you have an understanding of what GDPR compliance entails, it’s time to put that knowledge into practice. In Lesson 2, “Website Checklist,” we provide a handy checklist that acts as your trusty companion throughout the compliance journey.

Our step-by-step guide will help you identify gaps in your website’s GDPR readiness, ensuring you have all the necessary measures. From updating your privacy policy to providing user consent for data collection, we’ll help you cover all the bases.

Let’s make your website GDPR-ready.

By the end of this short introductory course, you’ll be equipped with the knowledge and practical tools to make your website GDPR-ready confidently. Our “Let’s Make Your Website GDPR Ready” course is designed to be accessible and easy to follow, ensuring you don’t miss any critical steps.

Join us now and take the first steps towards compliance. Secure your website’s future and build trust with your users today!

If you want to know about our services, check out our page here, or why not book a discovery call here?

Five Tips for GDPR

If GDPR and compliance are a concern for you or your organisation, don’t worry. Taking all the different aspects in at once can (and probably has) caused everyone to feel a little overwhelmed at some point. But it doesn’t need to. Here are the five tips to know about and why they matter.

Transparency

When it comes to GDPR, transparency is a fundamental principle. The reason why that’s the case is simple. It gives individuals as much control over their data as possible and facilitates their rights.

Control and rights are both fundamental underpinning principles of GDPR.

How does a company demonstrate transparency? The content of privacy notices is a good start. Good, compliant examples include

  • the contact details of the company;
  • if required, the Data Protection Officer;
  • the purpose and lawful bases for processing the data;
  • and the categories of personal data you hold, to name a few.

Mapping your data

Data mapping confuses some, but its principle is relatively easy. Mapping your data means establishing what information you hold and exactly how it flows through your company. This type of audit (also known as a mapping exercise) should be performed regularly by assigned individuals.

Doing so ensures it is maintained and amended as needed by a person or persons who are aware of their responsibilities.

Reporting breaches

Breaches can unfortunately happen, and on a long enough timescale, something similar to the list below probably will.

Data breaches can take many forms, such as:

  • Device loss or theft
  • Phishing scams
  • Hacking
  • Lost or stolen external USB drives

Breaches can also result from carelessness or lack of awareness, such as unattended computers and, especially recently, working from home on unauthorised personal devices and unprotected networks.

Reporting breaches of personal data has been mandatory since before the GDPR came into force. It just became more visible, and the assessment for reporting changed. The Information Commissioner’s Office has a dedicated section for more information about breach reporting.

Knowing your subject’s rights

Data subjects have a wide range of rights relating to the data you hold about them, making it essential to know why you are processing the information you hold about them.

Data subjects have some or all of the following rights:

The right to be informed (Including why you are processing their data, how long you intend to retain it and who you might share it with.)

A right of access (Typically referred to as a Subject Access Request or SAR which must be dealt with in a timely way.)

The right to rectification (If the subject feels their data is incomplete or inaccurate.)

A right to erasure (Also known as the right to be forgotten; for legal reasons this may not always apply.)

The right to restrict processing (In certain circumstances, an individual has the right to allow you to store their data but to stop you using it.)

A right to portability (The right to obtain their data and reuse it for another purpose or service.)

Being accountable

For both controllers and processors, demonstrating compliance and putting measures in place to meet the requirements for accountability will mitigate the risk of enforcement action. It will also build trust in your business and its services and raise you above the competition.

For help and advice around transparency, avoiding breaches, mapping the data you use, subject’s rights and accountability, get in touch today; I’d love to offer you help and advice in the field I specialise in.

The Rights of an Individual

Data protection is all about the rights of an individual and the systems you need to have in place to comply with the requests that, sooner or later, you will be faced with from the people whose data you may hold or process.

Knowing what those individual rights are will help you to recognise a request when you encounter one. It will also be a big help when putting the policies in place to deal with them within the required time. Familiarity with these eight key rights will also help you record the requests you receive and recognise the importance of handling and transmitting the data safely and securely.

Here is a breakdown of the rights of an individual regarding data:

The right to be informed

The collection of a person’s data and its subsequent use are things they have a right to be informed about. It’s important to provide the following things:

  • The reasons why you are processing their data
  • How long you intend to retain it and who you will share it with. (This is privacy information, which has to be provided when you collect the data itself)
  • The information you provide must be transparent, easy to understand and no longer or more complex than it needs to be

The right of access

Everyone has the right to access their personal data and other supplementary information by making a ‘subject access request’ (SAR). This request can be made to you verbally or in writing by the person themselves or a third party acting on their behalf.

  • A business usually cannot charge a fee for dealing with a SAR request
  • They have to be dealt with in a timely way, usually within one month of receiving the request (this can be extended if the request is considered complex)
  • The data must be disclosed in a secure way

The right to rectification

Sometimes, data held are inaccurate or incomplete; an individual has the right to have it rectified.

  • This can be done verbally or in writing
  • Similarly to a SAR request, this must be undertaken in a timely fashion, within one calendar month

The right to erasure

The right to be forgotten is one that everyone has, although there are certain extenuating circumstances when not all data can be deleted. This might be as a result of other legal regulations and reasons.

The right to restrict processing

Whether restricted or suppressed, in certain circumstances, an individual does have the right to allow you to store personal data but not to use it.

The right to data portability

As the name implies, data portability gives a person the right to obtain the personal data you hold about them and reuse it for a different service. That might help them find a better bank, a different GP or a cheaper energy supplier.

The right to data portability applies only to information that has been given to a controller.

The right to object

Everyone has the right to voice objections to their data being used for direct marketing. However, under certain circumstances, companies can continue processing data if a compelling reason to do so can be proven.

  • You have to inform an individual about their right to object
  • You can refuse an objection but you need to be aware of the information you have to provide in doing so

Rights around automated decision making and profiling

Automated decision making and profiling eradicates the human element from decision making and evaluating certain things relating to an individual and their data.

  • Businesses can only carry out automated decision making and profiling under certain contractual, legal and explicitly consensual conditions
  • The facility to challenge a decision or request human intervention must be in place
  • Systems must be audited regularly to ensure they are working as they are meant to

For more detailed information relating to the individual’s rights and how you and your business can be fully compliant, visit The Information Commissioner’s Office website, where there is a dedicated breakdown and checklist for each.

Alternatively, reach out via my site for the help and advice of a GDPR specialist.

Knowing your data and how to handle it.

It is a sobering thought that every one of us has a long, intricate trail of data in the wider world.

Personal data, including email addresses, names, where we live, our families, friends, employment records, IP addresses… Each trail is specific to us; its contents can identify us.

However, there is another trail running parallel to the first, with much more sensitive data that, in the wrong hands, could be used to target us, such as our medical histories, sexuality and our gender, race and religion.

All that, and we haven’t even started to mention Social Media profiles…

Cutting through the confusion

Information about your clients, suppliers, employees and other associates or stakeholders is your responsibility. Knowing exactly what that data is, where it is held (off-site, in the cloud or the filing cabinet, for example) and the lengths of time you are obliged to keep it for are all important legal requirements.

Michelle Molyneux, Data Protection Officer, Know Your data

If you run a business, you will handle data just like that listed above and doing so is more of a responsibility than ever before.

It’s a worthwhile task to undertake, for legal compliance obviously, but for other reasons too:

  • Upholding people’s rights
  • Acting fast to address issues such as data breaches and cybercrime
  • Planning more focused, effective marketing strategies
  • Your customer relationships and reputation will lift you above the competition
  • You get a secure, organised and data-accurate business

Those are just some of the benefits of handling data correctly, but how on earth do you get to that point?

Don’t panic! Help is out there

If you are confused or concerned by issues surrounding the data you hold, don’t worry. You are not the first and are certainly not alone in feeling that way. The first step, the only step that matters at the beginning of that journey towards data handling compliance and peace of mind, is this:

Establishing exactly what data you hold

I can’t stress this enough: every data audit and every conversation with a GDPR specialist such as myself begins with a long, careful look at exactly what data you handle. It is THE most important job on day one…

We can then follow the legal framework and guidelines to ensure it is handled safely and correctly.

The Information Commissioner’s Office (ICO) is another valuable resource offering the help and support businesses need to ensure data privacy. Their website provides simple-to-understand guides about data protection aimed at SMEs and even checklists and self-assessment tools such as this one.

If your business handles personal data, you should already be familiar with the ICO and the annual data protection fee unless exempt. You can check if the fee applies to you here.

The ICO is a supervisory body that goes the extra mile to offer help and advice to individuals and organisations.

Lastly, but by no means least, there is me! As a certified Data Protection Officer, I can offer the help and support you need to ensure you ‘know your data’ and handle it perfectly.

Why not send me a message, live chat or request a call any time? I’d love to help.