Is your website GDPR Compliant?

With the General Data Protection Regulation (GDPR) fast approaching, it’s time to get your website compliant.

This probably isn’t the first time you have heard about GDPR and nor will it be the last. However, if it is the first time you’re hearing about GDPR you must act fast.

The General Data Protection Regulation is an EU-wide regulation, which will become effective in the UK on 25 May 2018 and will replace the current Data Protection Act. This new regulation is designed to give individuals more rights and protection in how their personal data is used. If you do not comply you can be fined up to 4 percent of your global turnover, so it’s important that you take action now. If you want to know more about GDPR read more here.

So how can we help?

Here’s what we recommend to ensure your website is compliant in 7 steps.

1. SSL Certificate installation – Protect the data from prying eyes

If your website runs over Secure Sockets Layer (SSL), data transferred between your customer’s browser and your website is encrypted in transit, which helps to stop third parties stealing users’ data. Not only does it show you take your customers’ privacy seriously, it’s also something Google recommends and could potentially help with your rankings.

2. Privacy Policy – Fine-tune your privacy policy

Your privacy policy needs to tell the user clearly how any personal information you collect is stored and used. It should include what information is collected, who collects it and how it is stored, amongst several other points. To help you cover all the necessary information, we can supply you with a website privacy policy.

3. Cookie Banner – Tell the user what cookies you’re using

It’s not enough to have a cookie banner on your site which states that “by using the site you accept cookies”. To be compliant with GDPR you will need to give the user the option to either opt in or opt out of the site using cookies. If the user clicks decline, some features of the website will be unavailable and third-party tracking such as Google Analytics will no longer be loaded.

4. Adapting Forms – Make your users aware

Many sites, if not all, will have a data input form, whether this is for contacting the company or checking out of a shop. All these forms will need to be adapted to include a checkbox confirming that the user agrees to the privacy policy. You will also need to state whether you share the data in any way, and if you do, you must have a clear opt-in box which cannot be pre-ticked. You will also need to have a clear link to your privacy policy on any forms on your website.

5. Limit the data you collect – Make sure the data is needed

As well as having clear opt-in and agree checkboxes on your forms, you need to think about whether the data you are collecting is necessary and how it’s going to be used in the future. For example, do you really need to collect the user’s telephone number, or are you just getting it for the sake of it?

6. Review Third-Party Content or Plugins

Any content that is loaded externally when your website loads (e.g. social plugins such as the Facebook Like button) discloses the visitor’s IP address to the third party serving it. In order to use these going forward, they should only be enabled once the user has accepted your cookie banner.

7. Email Marketing – Clean up those lists and double opt in

If you have a newsletter sign-up on your website, you will need to ensure that a double opt-in applies and that the user is agreeing to your privacy policy when opting in to receive marketing from you. On each marketing email you send to these customers, you must provide a clear link giving the user the option to unsubscribe from your emails. Although soft opt-in may apply to your existing customers, we recommend sending an email to everyone on your existing marketing list giving them the option to opt in before 25 May. This will ensure that all future marketing to these addresses complies with GDPR.
So, what now?

The good news is we can help you make your website compliant, so that’s one less thing for you to worry about regarding GDPR.

Please note we are not solicitors or legal experts and the above content should not be construed as legal advice. We would always recommend that you speak to a solicitor. The steps above are only in relation to your site complying to website aspects of GDPR and not your whole company. We can only advise on website aspects of GDPR and cannot guarantee that the above steps will make your site fully compliant.

Posted on: 15 February, 2018 | Under Digital |