GDPR Compliance for Web Developers and Designers
Almost a year ago, on 25 May 2018, one of the biggest changes to data protection law in years came into effect with the introduction of the GDPR. Affecting every organisation that handles the personal data of people in the EU, it has seen businesses from the largest conglomerates to sole traders adapt everything from their mailing lists to their website fonts in a bid for compliance.
While the GDPR has now been in place for almost twelve months, it is important to keep the regulation at the forefront of your mind while working, and to review your working procedures and data security measures regularly rather than treating compliance as a one-off exercise.
In today’s post we’re discussing GDPR compliance, with a particular focus on compliance for web developers and designers. Particularly if you’re operating as a solo businessperson without a legal team to do the groundwork for you, it can be stressful to ensure you’re doing everything by the book. While we always urge those handling client data to seek legal advice as a standard measure, today we want to look into what the GDPR actually is and share some best practices for developers and designers to consider.
What is the GDPR?
First and foremost, what exactly is the GDPR? The General Data Protection Regulation (Regulation (EU) 2016/679) replaced the 1995 Data Protection Directive. Because it is a regulation rather than a directive it applies directly in every member state, which is what harmonises data protection rules across the EU. Its purpose is to protect the personal data of individuals in the EU, and it governs not only how organisations store and secure that data but also what they may collect, on what lawful basis, for how long, and what rights individuals have over it.
The regulation applies to "personal data": any information relating to an identified or identifiable natural person, that is, someone who can be identified directly or indirectly, in particular by reference to an identifier. Identifiers include (but are not limited to) a name, an ID number, location data, and online identifiers such as an IP address or a cookie ID.
An important point is that your organisation needs to comply whether or not it is based in the EU. The GDPR applies to any organisation established in the EU, and to organisations outside the EU that offer goods or services to people in the EU or monitor their behaviour (website analytics is a common example of monitoring). Nationality is not the test: what matters is the location of the people whose data you process, and if you are dealing with clients based in Europe that is more than likely the case.
Best Working Practices for GDPR Compliance
Anybody working with data covered by the GDPR should have working practices in place that support compliance in their day-to-day work. This is not an exhaustive list, but the following should form part of your GDPR best practices:
- Keep passwords secure: use a strong, unique password for each service (a password manager makes this practical), enable multi-factor authentication wherever it is offered, and change a password when you suspect it has been compromised. Forcing a change on a fixed schedule is no longer recommended by the NCSC or NIST, because it pushes people towards weak, predictable variations
- Shred paper copies of work that contain any user data
- Keep laptops and mobile devices protected with a strong password or PIN and full-disk encryption, and lock or log off whenever they are not in use
- Take extra care when working in public spaces or travelling to ensure data is not visible to others or otherwise compromised
- Do not store client or user data on personal, unmanaged devices
- Delete client and user data as soon as it is no longer required (the storage limitation principle), and make sure copies in backups and e-mail are covered too
Development and Design Considerations
Since the GDPR came into force in May 2018 you may have noticed a flurry of data-related enquiries from clients. When designing or developing websites for clients who handle EU customer data, we recommend bearing the following in mind, as each brings GDPR considerations of its own:
- Privacy policies: state in plain language what personal data the site collects, why, on what lawful basis, how long it is kept, who it is shared with, and how individuals can exercise their rights
- Cookie policies: list the cookies the site sets and what each is for; non-essential cookies (analytics, advertising) need consent before they are set
- Pop-ups (particularly relating to cookie and privacy policies): a cookie banner must offer a real choice. A pre-ticked box or "by continuing to browse you agree" is not valid consent, and withdrawing consent must be as easy as giving it
- Newsletter sign-ups: use an unticked opt-in box, keep consent to marketing separate from other terms, record when and how consent was given, and make unsubscribing easy
- Contact forms: collect only the fields you actually need, serve the form over HTTPS, and decide where submissions end up (database, mailbox, third-party service) and for how long they are kept
- SSL certificates (strictly TLS): serve the whole site over HTTPS, not just login pages and forms; encryption in transit is a baseline security measure under Article 32
- Comments on company blog posts: commenters' names, e-mail addresses and IP addresses are personal data, so they need to be covered by the privacy policy, and a third-party commenting service is a processor that needs a data processing agreement
- Analytics tracking: analytics cookies are non-essential and need consent before they are set; use IP anonymisation where the provider offers it, and treat the analytics provider as a processor, including any transfer of data outside the EU
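As an added example (this is not code from the original post), the following JavaScript shows the mechanism a compliant cookie pop-up relies on: non-essential scripts such as analytics are registered against a consent category and only executed once the visitor has actively opted in, the opt-in is recorded with a timestamp and policy version, and consent can be withdrawn. The category names, the ConsentGate class and the in-memory storage stand-in are assumptions made for this example; on a real site the storage would be window.localStorage or a cookie, and each loader would inject the vendor's script tag.

```javascript
// Added example (not from the original post): gating non-essential scripts
// behind explicit consent. Category names, the ConsentGate class and the
// in-memory storage are assumptions for this example.

// Bump this when the cookie policy changes so that consent given under an
// older policy is no longer relied on.
const POLICY_VERSION = '2019-04';

// Minimal stand-in for window.localStorage so the example runs under Node.
class MemoryStorage {
  constructor() { this.items = new Map(); }
  getItem(key) { return this.items.has(key) ? this.items.get(key) : null; }
  setItem(key, value) { this.items.set(key, String(value)); }
  removeItem(key) { this.items.delete(key); }
}

class ConsentGate {
  constructor(storage) {
    this.storage = storage;   // getItem/setItem/removeItem, like localStorage
    this.pending = new Map(); // category -> loaders queued until consent
    this.loaded = new Map();  // category -> names of loaders already run
  }

  // The stored consent record, or null if none exists or it predates the
  // current policy version. The default is therefore "no consent".
  record() {
    const raw = this.storage.getItem('consent');
    if (raw === null) return null;
    try {
      const rec = JSON.parse(raw);
      if (rec.version !== POLICY_VERSION || !Array.isArray(rec.categories)) return null;
      return rec;
    } catch (err) {
      return null; // corrupt record: treat as no consent
    }
  }

  // Strictly necessary cookies (session, CSRF token) need no consent;
  // everything else needs an opt-in for its category.
  isGranted(category) {
    if (category === 'essential') return true;
    const rec = this.record();
    return rec !== null && rec.categories.includes(category);
  }

  // Register a loader (e.g. a function that injects a vendor <script> tag).
  // It runs now if consent already exists, otherwise it waits for grant().
  register(category, name, loader) {
    if (this.isGranted(category)) {
      this.run(category, name, loader);
      return;
    }
    if (!this.pending.has(category)) this.pending.set(category, []);
    this.pending.get(category).push({ name, loader });
  }

  run(category, name, loader) {
    loader();
    if (!this.loaded.has(category)) this.loaded.set(category, []);
    this.loaded.get(category).push(name);
  }

  // Record an explicit opt-in (which categories, when, under which policy)
  // and release the queued loaders for those categories only.
  grant(categories, now = Date.now()) {
    const rec = {
      version: POLICY_VERSION,
      categories: [...new Set(categories)],
      grantedAt: new Date(now).toISOString(),
    };
    this.storage.setItem('consent', JSON.stringify(rec));
    for (const category of rec.categories) {
      const queue = this.pending.get(category) || [];
      this.pending.delete(category);
      for (const { name, loader } of queue) this.run(category, name, loader);
    }
    return rec;
  }

  // Withdrawing consent must be as easy as giving it: forget the record so
  // nothing non-essential loads on the next page view.
  revoke() {
    this.storage.removeItem('consent');
  }
}

// Walk through a page load: only the essential loader runs before the visitor
// opts in, and opting in to analytics does not release the marketing pixel.
function demo() {
  const gate = new ConsentGate(new MemoryStorage());
  const events = []; // constructed stand-in for "script tag injected"
  gate.register('essential', 'session', () => events.push('session'));
  gate.register('analytics', 'analytics.js', () => events.push('analytics.js'));
  gate.register('marketing', 'pixel.js', () => events.push('pixel.js'));
  const beforeConsent = [...events];
  gate.grant(['analytics'], Date.UTC(2019, 3, 1));
  const afterConsent = [...events];
  const record = gate.record();
  const marketingGranted = gate.isGranted('marketing');
  gate.revoke();
  return { beforeConsent, afterConsent, grantedAt: record.grantedAt,
           marketingGranted, analyticsAfterRevoke: gate.isGranted('analytics') };
}

// A consent record saved under an older policy version is not relied on.
function staleConsentIgnored() {
  const storage = new MemoryStorage();
  storage.setItem('consent', JSON.stringify({ version: '2018-05', categories: ['analytics'] }));
  return new ConsentGate(storage).isGranted('analytics');
}
```

The point of the policy version is that consent is specific to what the visitor was told: if the cookie policy changes, the banner has to be shown again rather than silently reusing the old opt-in.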
While we hope the information shared above is a useful starting point for web developers and designers looking for a refresher on the GDPR, those who want to broaden their knowledge of the regulation should read the ICO's in-depth GDPR guide.