As with most areas of business, there are legal issues to consider when planning a website or use of the internet of any kind.
Legal issues of website ownership fall into many categories. A separate guide covers this topic in more detail, and this can be found in our online resources.
These are the topics to be found in the guide:
- GDPR and the New Data Protection Act
- Legal ownership of domains and website
- Distance selling regulations
- Website terms and conditions
- Intellectual property
- Email and legal issues
- The Disability Discrimination Act
Of these, the General Data Protection Regulation (GDPR) is the latest legislation, with the new act coming into force in May 2018.
GDPR covers any data that is stored about individuals, how that data is used, how it was collected and what it may be used for.
Personal data must be: "processed lawfully, fairly and in a transparent manner in relation to the data subject" (Article 5.a)
Apart from managing the project within the business and raising awareness etc., some steps to compliance are as follows:
- When visitors fill forms, ensure you always give people the option to opt IN.
(No pre-ticking the box here please!)
- Record exactly when the user gave permission AND record exactly what information was given to the user when they submitted their data.
- Tell the user sending you any data via your site what you are collecting and what you plan to do with it. You'll also need to specify if you'll share the data with anybody, and who to contact if they have any concerns.
- Ensure everyone on the distribution list has opted in as above.
- If not, then you need to ask them to!
- Produce an inventory of personal and sensitive data possessed by the business
- Identify how it has been obtained and where it is held.
- Identify why you have that data and if it is still required. If not, delete securely.
- Document who has access to this data, internal or external and why.
- Train on Data protection best practice.
Rights of the People
Everyone who you have data about (data subjects) has the:
- Right to be informed
- Right of access to that data
- Right to rectification and erasure of that data
- Right for that Data not to be used for some purposes
- Right to Data Portability
- Right to Object
- Right not to be subject to automated-decision making
The Lawful reasons for having anyone's personal data
- The Person (data subject) has given consent
- Within a contract with the person.
- For compliance with a legal obligation
- To protect the vital interests of the data subject
- Enable a process carried out in the public interest
- Purposes of the legitimate interests pursued by the controller