Ensure your website complies with UK GDPR Regulations

General Data Protection Regulations (GDPR) became law in the UK and EU in May 2018.

GDPR incorporated and extended what was previously covered by the EU ePrivacy Directive 2009/136/EC.

This Directive required owners of websites visited by citizens of the UK and European Union (EU) to tell visitors which cookies were being used by their website and to ask for their consent.

Example: by means of a Cookie Bar as used by this website.

You can learn more about how to add a Cookie Bar to your Joomla! CMS website when you visit the link at the bottom of this page.

There is however a lot more that UK businesses and organisations must do in order to comply with UK Data Protection legislation.

Below we share with you the lessons we learned when we considered how we could ensure our own business complied with the UK Data Protection legislation.

GDPR Compliance

Periodically review your business or organisation and its website to ensure they both comply with the UK GDPR when interacting with stakeholders, including customers, suppliers, employees and website visitors.

Do so in four key areas.

1) Data storage

Encryption of computer equipment used to store stakeholder data.

Backing up of stakeholder data.

2) Communications

Encryption of communications with stakeholders.

3) Consent

Explicit consent from stakeholders for the data to be collected, for how long it will be stored and for what purpose it will be used.

4) Contracts

Reference to GDPR in contracts with stakeholders (especially customers and suppliers), for example, Terms of Service, Terms of Use, Privacy Policy, Cookie Policy and Service Level Agreements.

What practical steps should you take?

The steps you take are for you to decide.

These are the steps we took following the release of the UK GDPR.

• We researched the requirements of the UK GDPR (see links below).
• We audited our data storage, communications, process of gaining consent from stakeholders and contracts with stakeholders (any Terms of Service which exist).
• We focused on interactions with stakeholders to identify who, what, when and where we interacted, and how we did so.
• We identified the minimum amount of data that we needed to collect and store for each group of stakeholders to ensure service levels could be maintained.
• We drew up a plan of action to implement the necessary changes we needed to make in order to comply with UK GDPR.
• We drafted a Cookie Policy for our website.
• We updated our website's Terms of Use and Privacy Policy.

Useful Links

FreeAgent - Online accounting service provider.

We found the guidance at the following link to be very useful.

Note: the link includes our referrer code.

Read more: FreeAgent and GDPR Compliance.

UK Information Commissioner's Office.

"The Guide to the UK GDPR is part of our Guide to Data Protection. It is for DPOs and others who have day-to-day responsibility for data protection. It explains the general data protection regime that applies to most UK businesses and organisations. It covers the UK GDPR, tailored by the Data Protection Act 2018." Source: UK Information Commissioner's Office.

Read more: UK GDPR Guidance and Resources.

Read more: UK GDPR Advice for Small Organisations.

GDPR and The Joomla! Project

The Privacy Tool Suite was introduced by The Joomla! Project to help website owners and administrators avoid breaking the law related to data protection and privacy.

The Privacy Tool Suite does not include a Cookie Bar Module.

Read more: Privacy Tool Suite.

Read more: Cookie Control.

If you are seeking a Cookie Bar extension then you will find several created by independent developers listed in the Joomla! Extensions Directory (JED).

Read more: Cookie Control Extensions (JED).