If you use the Internet to do things, and who doesn't now, then you're probably starting to become aware that "something" is afoot as businesses suddenly seem to be contacting you about the data which they hold about you.
What is behind this is the EU's General Data Protection Regulation 2016/679 (GDPR) which become enforceable from 25th May. The GDPR aims primarily to give you back control of your personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
Here at WalkLakes we have been working hard to prepare for this so this seemed like a good time to talk about where we are and where we're going.
The first thing we had to do was do an audit to determine all the data that we may hold about you. It turns out that this varies quite significantly depending of how much you have interacted with us and our web site but you can find a full list here of the data we may hold.
The second thing that the GDPR requires us to do is to make you aware that we may hold this data, so from now everyone who registers with us will be presented with a very brief list of all the data we may hold and will have to confirm, by ticking a checkbox, that they are happy with us doing that. So we have added this to the registration page:
That's fine for new users but what about existing users? Well a lot of companies are tackling this by contacting everyone who had ever interacted with them. We're not wildly keen on this approach, certainly not in the first instance, as many of the people who register are visiting the Lake District on holiday and then possibly won't be back for many years.
So initially we're going to approach this by taking return visitors through the same step that new registrants have to go through the first time that they log in to the site again by presenting them with the same checkbox you can see above.
Finally under the GDPR you have the right to ask us to see the data we hold on you and also to either correct or delete your data. We did think about adding some sort of mechanism to let you do this online but in the end we concluded that, initially at least, we would just ask you to contact us if you would like us to do any of these things done.
We hope this is all clear and reassures you that (as was always the case) we are being responsible in our handling of your data.
You can comment on this post in our forum.