GDPR Website Audit
Ballyhoo’s GDPR audit package has been designed to take a snapshot of your website or online application and pinpoint where and how improvements can be made.
What you’ll get:
You’ll receive a detailed report evidencing our findings. This will form the basis for our tailored recommendations on how to improve and safeguard your website, ready for GDPR. We’ll also give each recommendation a priority status and provide approximate costings for implementation.
Depending on the complexity of your website, we’ll typically look at:
- Data encryption and site security
- User registration and contact forms
- Explicit permission for communications
- Privacy policies
- Marketing best practice
- Email best practice
Following the audit you have a number of options:
- Give us the go ahead to implement our recommendations and ensure GDPR-readiness in time for May 25th. Or, if cost is prohibitive, we’ll work with you to formulate a plan of action based on the priorities.
- Take your audit report away to work through at your own pace, or even with another agency if you prefer.
Please note: upon ordering you will be added to a queue to have your website audited, with all audits aiming to be completed by April 2018. We will be in touch as soon as possible to give you approximate timescales and ask you for further details if required (for example, if we didn’t build your website we will require admin access - please have your login details handy).
What is GDPR?
The General Data Protection Regulation (GDPR) has been introduced by the Information Commissioner’s Office (ICO) to supersede the Data Protection Act 1998 (the DPA), providing more rights to individuals on how and where their personal data is stored by organisations and bigger sanctions for those organisations who do not comply with best practice and the law.
Technology has advanced hugely in recent years, with websites often now tracking cookies and IP addresses in addition to storing standard personal information, all of which can be used to identify individuals. GDPR takes into account the way we now gather, store and use personal data and makes provisions for this to be done in a safe, traceable and accountable manner.
As a website owner, you are responsible for any data received through your website and for how this is then stored and used. You probably have at least one contact form on your site and use the information received through this to make sales and marketing efforts.
It’s more complicated for those of you who are selling products or taking bookings online as the amount of personal data required to carry out the purpose of the website increases, as well as the scope for which the data could be used - or abused if it falls into the wrong hands.
GDPR legislation is already law, however compliance becomes mandatory on 25th May 2018 and this is when the ICO will have the power to start punishing anyone who falls foul of the guidelines.
It’s important to remember that Ballyhoo’s GDPR audit service is specifically targeted at your website and does not constitute advice for your in-house data protection procedures or best practice.
We have partnered with two companies, who we are also proud to call clients, who are providing their own GDPR readiness services with a deeper focus on what you should be doing in-house:
Wright Solutions are specialist online training providers, offering two e-learning courses on GDPR.
Gain a quick overview of your obligations through a short animated video. This is for anyone who needs a basic overview of GDPR and the key principles.
GDPR Awareness E-Learning
A deeper delve into GDPR, including an online assessment to test your understanding.
Aristi are information security and assurance consultants. Working closely alongside senior management, they'll ensure that GDPR becomes best practice within your organisation and that there is clear accountability for your data storage and anyone who has access to it.
Aristi can tailor a package to provide awareness training, readiness assessments and implementation support across your internal systems and processes.