You’ve no doubt heard lots about the new GDPR, which comes into force on 25 May.
As its main focus is on the way you source, store and share data, there are implications for your website, so we’re here to make sure you’re fully prepared.
How GDPR affects your website
GDPR is all about consent. When you collect personal data on your site, you need to get permission to use it. People who use your website must understand how you plan to use their data, and give their consent.
So if you’ve got someone’s email address because they’ve placed an order with you, you can only market to them if they’ve actively agreed to this. Not just because they bought something from you once upon a time.
As this is all so new, the ramifications aren’t yet clear. Nobody has professed to be an expert at GDPR and there’s no one size fits all solution yet… believe us, we’ve checked!
5 key areas for GDPR compliance
To help you understand what it will mean for your website, we’ve put together a quick checklist:
- Your documents are likely to need updating, starting with forms, privacy notices and cookies. All the small print. You’ll want to tell your visitors what sort of data you’re collecting and why. Take a look at our privacy notice to see how it’s changed.
- It’s also wise to make sure that any data submitted to your website is encrypted in transit using a Secure Sockets Layer (SSL, now more precisely TLS) certificate, i.e. served over HTTPS. This not only secures your website’s connection and protects personal data by making it unreadable to anyone intercepting it, it can also boost your Google rankings. If you don’t already have this, talk to John about it. He knows exactly what to do to put this in place so that you have peace of mind about every transaction.
- Consent is a big part of GDPR. You’ll need to make sure all consent forms are unchecked by default and that it’s absolutely clear what your visitors need to do to ‘opt in’. Keep these forms separate from your regular terms and conditions for optimum transparency.
- Under the GDPR, you’ll need to appoint a Data Protection Officer (DPO) if you are a public authority, or if you carry out certain types of processing activities. This role can be filled by an existing employee or someone external. Make sure that their contact information is clearly listed on your site so that people can easily get in touch. There’s more about what’s required at ico.org.uk
- Are you clear about the Right to be Forgotten? The GDPR states that “a data subject should have the right to have his or her personal data erased and no longer processed where the personal data is no longer necessary in relation to the purpose for which they are collected or otherwise processed.”
As a result, your visitors can request to have all the data held about them deleted, including copies in backup systems. According to research by Solix, 82% of organisations don’t know where their most sensitive personal data is stored… and only 55% maintain audit trails for data consents, collection, updates and deletion. That’s a real non-compliance risk, so getting to grips with what you need to do in bite-size chunks makes a lot of sense.
Still unsure about the GDPR and your website?
If you’re not clear how all this will affect your website, don’t worry. It’s not too late…
We can help you and your website get ready for 25 May. Just give us a call on 0330 088 9277 or email firstname.lastname@example.org.