If you’re not sure what GDPR is I found the video above to be a good overview. You can go a little more in-depth with this article here, which also links out to other resources.
The purpose of this post is to explain how I’ll be implementing GDPR compliance into this and future websites, as well as to offer the same changes to existing clients as retrofit work for their existing sites. It’s worth noting that I am not a legal expert by any stretch of the imagination. The implementation work that I’m doing will very much be a work-in-progress until clearer, standardised guidelines are available on GDPR. I’m simply looking to cover all the bases to the best of my knowledge and understanding.
The responsibility for GDPR compliance falls ultimately to the website (and/or business) owner. In the case of Scattershot Creative, that’s me. For my clients, that’s them. With that said, because I’m doing this work for myself and because I’m generally a helpful chap, it seems right to offer this out to help past clients. For current and future clients, having a developer with a working knowledge and understanding of GDPR, who can offer guidance and take steps to help you implement it on your website, seems like a good thing. Perhaps even a necessary thing.
The information I’ve read so far seems a little conflicted when it comes to contact forms in the way I have most often used them for myself and clients. Usually, upon completion and submission by a user, the data in the contact form is securely emailed directly to the relevant contact email address for that website. There’s some suggestion that since that data is not being stored by the website itself there’s no need for the user to consent to their data being collected – because, in a way, it isn’t. It’s transmitted to the email provider/client directly at which point… who has the responsibility, exactly?
My present understanding suggests that even if it turns out I’m not collecting, storing, or using data in any way covered under GDPR it’s better to ask permission than later seek forgiveness. It seems right that users who consent and later request what data I have on them, only to be told I have none, have no particular reason to be upset about that. Whereas not requesting consent and storing user data anyway is obviously a big no-no.
Existing clients with online shops (eCommerce) will be hearing from me individually with details of what needs to be done with regards to their particular setup. Going forward I hope to develop enough of an understanding to be able to continue to provide assistance to new clients with their eCommerce needs.
Privacy by design has caused, and is continuing to cause, a buzz, and plays a part in GDPR. I’m not sure how relevant it actually is to what I do, or indeed what many of my clients do, but I’ll be keeping an eye on it.
Okay, that’s all for now. I’ll update this post if I remember other things I meant to include or if anything changes to the point of rendering some or all of the above obsolete. If you have a better understanding of any of this and wish to offer corrections, suggestions or additions please do get in touch.