It’s clear now that non-compliance isn’t an option because the regulations have teeth. You can be fined up to 4% of annual global turnover or €20 Million for breaching GDPR. Of course these are the most serious fines; for lesser offences there is a tiered approach. Fines of 2% of annual global turnover are the penalty for not keeping your records in order (article 28), for not notifying the supervising authority and data subject about a breach, or for not conducting a full impact assessment.
Our Website GDPR Compliance Programme is designed to help guide you through the whole process of becoming compliant. It breaks down into two parts: Reporting and Implementation.
Reporting
First of all we will create a report reviewing everything on your website which might be relevant to GDPR along with a bespoke plan or roadmap describing the work necessary to achieve GDPR compliance.
This is a summary of the type of detail you can expect to see in your report.
1. Overview
An overview of your site, its infrastructure and the technologies used to run it.
2. Cookies
We will give details of which cookies are in use on your website along with their expiry dates and any specific recommendations for ensuring GDPR compliance.
3. Passwords
We will list all of the user accounts on your site, along with their roles and privileges and recommendations for current and future password security.
4. Contact Forms
If your website uses contact forms to capture user data we will list each form along with details of any associated plug-ins or code. The report will provide details of how the data from the forms is stored, along with any recommendations for current and future GDPR compliance.
5. Signup Forms
The report will contain details for any newsletter sign up forms (linked to MailChimp for example) along with recommendations showing you how to ensure future sign-ups will be GDPR compliant.
6. Mailing Lists
Any existing Mailing Lists will be examined and recommendations made on how to make those lists GDPR compliant. If you have already carried out a GDPR compliance exercise we can take a look at that and report on whether you are, in our opinion, fully GDPR compliant.
7. User Data
The report will give details of all the stored user data, including eCommerce customers and WordPress user accounts. If your website has eCommerce capability the report will detail where and how you store and process user data. Storage methods and data locations will be shown along with our recommendations describing how this data can be modified to ensure GDPR compliance.
8. Plug-ins
Every plug-in on the site will be listed along with individual reviews describing how safe the plug-in is, whether it is still under active development, and especially an alert if it presents any potential GDPR issues.
9. General Security
You will be provided with an overview of the website’s current security status.
10. Backups
The report will confirm details of backup procedures, frequency and storage methods.
11. External Services
We will list all of the external third party services that are integrated with the site and give details of how these services can be made GDPR compliant.
12. Roadmap
This final section will provide details on the work that we recommend you undertake in order to bring the site up to the current standard required for GDPR compliance.
Implementation
Until we complete the report it is impossible to say exactly what action you need to take in order to make your site fully compliant. It could be that there won’t be anything to do, in which case the report alone will suffice and you’ll be able to file it away in case anyone ever asks you to demonstrate what steps you took when the new regulations came into force.
What seems more likely is that the report will list a series of tasks which you need to carry out. Here are some examples of those tasks.
1. Data Clean-up
Remove existing data that does not comply with GDPR, along with any information you have no justifiable reason to hold.
2. GDPR Data Requirements
Set up the new WordPress Core features which satisfy the following GDPR rules:
- Data Portability
- Right To Be Forgotten
- Right To Access
3. Create policies
We will create GDPR compliant policies for:
4. Cookie Plugin
Install and configure a cookie consent plug-in which will display on the website.
5. Breach Notification
As part of the GDPR requirements, any breach of data must be communicated to affected parties. In preparation for this eventuality we will create a Breach Notification Plan for you.
6. Plugins
We anticipate having to update, replace or delete at least some plugins because they are no longer compliant.
7. Changelog / Report
We will generate a final changelog report with details of all the work carried out, which you can keep for your records.
The cost of the Reporting stage is £199 ex VAT. It’s impossible to say with accuracy what the Implementation stage would cost, but the experience of the past two weeks indicates that it is likely to be a similar figure, i.e. £199 ex VAT.