Web Design & Development Company Glasgow

GDPR legislation 'Insecure Websites'

With the introduction of the GDPR legislation, anyone who captures any form of user information will need to encrypt the data or face fines.

The GDPR applies in the UK from 25 May 2018.


Browser Security Changes

In the run-up to GDPR, Google Chrome will be marking more sites as ‘Not Secure’ within the address bar to name and shame organisations which, in their view, are not taking customer data protection seriously.

Websites are increasingly targeted by cyber criminals, as data theft for identity fraud has become more lucrative than stealing credit card details. Having someone’s personal details is a goldmine for criminals.


Who does the GDPR apply to?

  • The GDPR applies to any website that collects user information. The GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have significantly more legal liability if you are responsible for a breach.
  • The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
  • The GDPR does not apply to certain activities, including processing covered by the Law Enforcement Directive, processing for national security purposes, and processing carried out by individuals purely for personal/household activities.

Top Level Data Security & Integrity

Top-level data security and integrity are crucial aspects for websites to ensure the protection and trustworthiness of user information.

Implementing robust security measures is essential to safeguard sensitive data from unauthorized access, data breaches, and malicious activities.

This involves employing strong encryption protocols, such as SSL/TLS, to establish secure connections and protect data transmission between users and the website.

Secure storage practices, such as encrypting databases and employing access controls, help prevent unauthorized access to stored data.

Regular vulnerability assessments and penetration testing should be conducted to identify and address any potential weaknesses in the website's security infrastructure.

Additionally, implementing user authentication mechanisms, like multi-factor authentication, enhances security by adding an extra layer of verification.

Strict access controls should be enforced, granting appropriate privileges only to authorized personnel.

Data integrity can be ensured through measures like data backups, version control, and implementing secure coding practices to minimize the risk of data corruption or tampering. By prioritizing top-level data security and integrity, websites can provide a safe and trustworthy environment for users, instilling confidence and protecting valuable information.

What information does the GDPR apply to?

Personal data

Like the DPA, the GDPR applies to ‘personal data’. However, the GDPR’s definition is more detailed and makes it clear that information such as an online identifier – e.g. an IP address – can be personal data. The more expansive definition provides for a wide range of personal identifiers to constitute personal data, reflecting changes in technology and the way organisations collect information about people.

For most organisations keeping HR records, customer lists, contact details, etc., the change to the definition should make little practical difference. You can assume that if you hold information that falls within the scope of the DPA, it will also fall within the scope of the GDPR.

The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This is wider than the DPA’s definition and could include chronologically ordered sets of manual records containing personal data.

Personal data that has been pseudonymised – e.g. key-coded – can fall within the scope of the GDPR, depending on how difficult it is to attribute the pseudonym to a particular individual.

Sensitive personal data

The GDPR refers to sensitive personal data as “special categories of personal data” (see Article 9). These categories are broadly the same as those in the DPA, but there are some minor changes.

For example, the special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual.

Personal data relating to criminal convictions and offences are not included, but similar extra safeguards apply to its processing (see Article 10).

How can we help you?

If you have any questions about web design, web development or internet marketing let us know.
