GDPR and what it means to your website

Don’t be mistaken in thinking that just because you only have a small website, GDPR doesn’t affect you.

If you collect personal data then GDPR does affect you.

What is personal data?

Well, there is no one definitive list.  A person’s name on its own is not considered personal data, but combine the name with a telephone number or an email address and that may be sufficient information to clearly identify an individual.  [Boxcryptor provide some examples – https://www.boxcryptor.com/en/blog/post/what-is-personal-data-simple-examples/]

What is GDPR?

GDPR is a regulation in EU Law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU.  It comes into effect from 25th May 2018.  Any changes you make may have to be updated accordingly after the completion of the UK’s exit from the European Union.

Under the new GDPR rules businesses need to be more transparent. Where consent is given to collect personal data, that consent must be given freely for a specific purpose, and users must be fully informed about the data’s potential uses.

What difference does it make to the users?

On one hand, more tick boxes and links to policies that users never read?  On the other hand, users will have the reassurance that you are handling their data with care.

Users also have the right to access their personal data and supplementary information and you have to provide it free of charge, though you can charge a ‘reasonable’ admin fee.

How does it affect your website?

Most websites have at least 2 basic components:

  • Google Analytics to help you analyse website traffic
  • A contact form to allow visitors to easily contact you

If you have either of these then you need to ensure your website is GDPR compliant.

If you only use Google Analytics then this could be as easy as updating your Privacy Policy.

Other common website components that have to be considered under GDPR:

  • The ability to comment on blog posts
  • Newsletter subscriptions
  • eCommerce – online store

Two key areas to act on

Privacy Policy and Terms and Conditions

The Information Commissioner’s Office (ICO) has very kindly provided a sample privacy policy that you can use on your website. It is concise, transparent, and easily accessible.

You will also need to update the terms and conditions on your website to reference GDPR terminology. In particular, you will need to make transparent what you will do with the information once you’ve received it.  You will also need to update your data retention policy to detail how long you will retain this information, both on your website and in your office systems.

Active Opt-In

Any forms that invite users to subscribe to newsletters or indicate contact preferences must default to “no” or be blank.

So, you can’t have a form that starts by ticking all the boxes to say that you want to be contacted by email, phone and post.  The tick boxes have to be blank and the user selects which methods they want to be contacted by.

What about Google Analytics?

Google Analytics has always been an anonymous tracking system.  It does not collect “personal data”.  However, you should reference it in your Privacy Policy.

Take a look at what Google is doing to comply with the data protection laws – https://privacy.google.com/businesses/compliance/#?modal_active=none

What else?

The changes being brought in by GDPR affect not just your website but all aspects of your business.

If you have not already referred to it then check out the ICO’s website – https://ico.org.uk/for-organisations/guide-to-data-protection/privacy-notices-transparency-and-control/

There’s also a handy 12 step guide – https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf

Where do you start?

Ask yourself these questions:

  • What personal data do I have stored in both electronic and paper format?
  • Do I need that data?
  • Do I have a policy that shows how long I will retain that data for?
  • Is the data being held securely?
  • Do I need to register with the ICO?

WordPress website?

If you have updated your Privacy Policy and Terms and Conditions, then there are some easy to use GDPR plugins that will help you add the relevant tick boxes to your contact form on your website.  For instance, WP GDPR Compliance – https://wordpress.org/plugins/wp-gdpr-compliance/

If you do a search on the web, you will find quite a few articles about GDPR, and your own professional body may have already provided guidance, but if you feel that ParadigmIT can be of assistance then please get in touch.

New Apple iMac Pro is on the way!

Apple has finally announced, after a good few years of selling the infamous ‘black bin’ Mac Pro, that a new one is on the way.

Coming our way December 2017, it will be called the Apple iMac Pro.

Apple are touting this with the strapline ‘The Most Powerful Mac Ever’ – and the specs seem to back that up.  This 27-inch space grey workstation-class computer will feature (for around $4999 / £3845):

  • A retina 5K display
  • A Xeon-Pro CPU with up to 18 cores(!)
  • AMD’s Radeon Vega GPU
  • Up to 128GB RAM
  • Up to 4TB of SSD HD
  • 4 x Thunderbolt 3 Ports which can support up to two 5K displays
  • 1080p FaceTime Camera
  • 10GB Ethernet

Having the Xeon V4 class CPU, this is definitely aimed at the Pro user – those interested in graphic modelling or video production work.

The $4999 price tag is for the ‘base’ model with an 8 core Xeon CPU (E5-2620 V4 @ 2.1GHz possibly, but Apple is yet to confirm), an 8GB Radeon Vega GPU, 32GB of 2666MHz DDR4 ECC RAM and 1TB of SSD storage.

The maxed-out version can have an 18 core Xeon Pro CPU, 16GB Radeon Vega GPU, 128GB 2666MHz DDR4 ECC RAM and a 4TB SSD HD.  Looking at this maxed-out spec, you can expect to spend…wait for it!  Around $17k!!

This will put this version of the new iMac Pro out of the reach of the average user, but it’s enough to turn even the most modest geek into a quivering wreck.

To sum up: fully equipped, the machine Apple will be selling will unquestionably be very expensive, at least for a traditional desktop. But if you consider this to be a professional production workstation, it’s not overly expensive. And if you’re a film company, and it’s time to make another big movie, a $17k workstation (or 4!) is not overly expensive.

EDIT: Apple has a page up on their website for the new iMac Pro, but don’t expect any extra information until the big reveal!

https://www.apple.com/uk/imac-pro/

Hey, I’m from Microsoft and you have a virus on your computer!

Here we go again.. it’s that time of the year

I’m sure you’ve heard that before when you pick up the phone and answer a call from a withheld number.  I think it’s worth talking about this scam that hits our homes – and wallets – time and time again, and especially at this time of the year when Santa is due to do his rounds..

It generally goes like this (in a hard to understand accent)…

Them: “Hi, can I speak to Mr. James?”

You: “I’m sorry, there’s no-one here called Mr. James”

Them: “Ahh, that’s okay, I’m from Microsoft and we have detected a virus / malware on your computer spreading itself out onto the Internet and infecting other machines”

You: “Oh! Really?  What do you want me to do?”…

It then generally descends into ‘Them’ pointing you to a website where you can download their software, which they say will let them remove the virus from your computer.  Once you download this ‘miracle’ software and follow their instructions to install it, you have inadvertently given them remote access to your computer, where they will quickly install the virus / malware they told you was already on your computer.

One of two scenarios will generally now play out…

  • Your computer will become part of a botnet (a great collection of computers on the internet that can then be commanded to do all sorts of nefarious deeds like hack other computers, infect other computers or mine bitcoin etc.).
  • Your computer will be infected and then the rep on the phone will tell you this and offer to help you remove it for £££’s, wait until you pay up with your favourite debit or credit card (which they will generally keep the details of, allowing them to use your card some more later on), put the phone down on you and leave your computer in an unusable state.

ParadigmIT’s Tips for dealing with these scammers

A few things to remember when you get a call like this…

  • There are millions of PCs out there running Microsoft Windows – and Microsoft have no access to your computer, ever.
  • How do Microsoft even have your number?
  • Would Microsoft have time to call you? And even if they did, and there was a virus on your computer, see the first bullet point…

Knowing these three things, you can see that Microsoft wouldn’t call you. Ever.  This must be a scammer.

The best thing to do when you get a call like this is to hang up the telephone, and if you have a facility on your phone to block the number that’s calling you, do that.

Never do anything to your computer with instructions provided over the telephone – unless you know the person and trust them!

It’s very simple to deal with these scammers – now here are some of the organisations that these scammers claim to be from…

  • Windows Helpdesk
  • Windows Service Center
  • Microsoft Tech Support
  • Microsoft Support
  • Windows Technical Department Support Group
  • Microsoft Research and Development Team (Microsoft R & D Team)

What do I do if I’ve already done what they ask?

  • Change your computer’s password, change the password on your main email account, and change the password for any financial accounts, especially your bank and credit card.
  • Scan your computer with the Microsoft Safety Scanner to find out if you have malware installed on your computer.
  • Install Microsoft Security Essentials. (Microsoft Security Essentials is a free program. If someone calls you to install this product and then charges you for it, this is also a scam.)
  • Call your bank or building society to check that everything is in order.

How can I report these scammers?

Keep safe out there!