GDPR and Your Website
More and more we’re hearing and reading about GDPR. You may think it doesn’t affect your business; the reality is it has implications for every business, especially when it comes to GDPR and your website. Almost every website has a customer enquiry form, email newsletter sign-up, booking forms for courses, holiday accommodation, buy-on-line and much more. If your website initiates any interaction you need to know about GDPR. There is so much information out there we could write a book rather than a blog post – so we’re focusing on GDPR and your website.
What is GDPR?
GDPR (General Data Protection Regulation) is the new EU legislation that comes into force on 25th May 2018. It applies to all companies who process data belonging to EU citizens. This legislation is non-negotiable; you can’t opt out. If you ignore the new regulations there are huge fines for non-compliance. GDPR is being introduced primarily to give people more control over their personal data, especially with the way technology is evolving every day. Companies need to look at how they acquire, store and use people’s private information. You can find sound advice on GDPR and your business on the GDPR and You website.
Whatever your business, if you have a website it will have a contact page and most likely a contact form. For your website to comply with GDPR the most important things are to focus on the personal data you ask for, ensuring it is meaningful, and to provide clear opt-in controls so that visitors to your site understand what they are agreeing to. Your website must have active privacy features which enable you to handle personal data compliantly. You must also make it clear to visitors to your website what their personal data is being used for, by whom and for how long.
Below are just some of the key points to look at when it comes to GDPR and your website:
Learn more about GDPR – Understand what is required and expected to become GDPR compliant and apply this to your website and your business as a whole. Make sure that everyone within the company is aware of GDPR and your plans for compliance.
What is classed as personal data? – Any information that can be used to identify a living person; name, address, email address, PPS number, IP address for example.
What is sensitive personal data? – This sensitive information has to be dealt with more carefully. It includes health status, sexual orientation, religious beliefs and race.
Look at the sensitive data you have stored – You need to review where it is stored, where it came from and who it’s shared with.
Assess the customer consent options on your website – Review your current methods and make sure that visitors to your website can clearly understand what they are consenting to. Don’t bury this in T&C’s; GDPR is looking for clear consent. Pre-ticked boxes will be banned. Consent must be instantly recognizable.
Customers must be able to withdraw consent at any time – Make sure your website offers an easy way for anyone who has given you their personal data to withdraw their consent at any time.
Have a consent record – It is important to keep clear records so that you can prove consent should a complaint be made. You may need to work out new consent record processes within your company.
Review all your existing consents – If you have a store of information given with consent you must check that these and the current methods you are using are up to GDPR standards.
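The consent points above (an explicit, never pre-ticked opt-in; a record you can produce if challenged; withdrawal at any time) can be put into working code. This is an added illustration, not code from the post; the ledger design, field names and the sample checkbox wording are assumptions, and a real site would persist the records in its database.

```python
"""Consent ledger for a website form: explicit opt-in, provable record,
withdrawal at any time. Added illustration; storage and field names are
assumptions, not the post's own code."""
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Constructed wording shown beside the checkbox, versioned so the record
# proves exactly what the visitor agreed to.
NEWSLETTER_TEXT_V1 = "I agree to receive the monthly newsletter by email."

@dataclass
class ConsentRecord:
    email: str
    purpose: str
    consent_text: str
    given_at: datetime
    withdrawn_at: Optional[datetime] = None

class ConsentLedger:
    def __init__(self) -> None:
        self._records = []

    def record_from_form(self, form: dict, purpose: str, text: str) -> ConsentRecord:
        # Consent must be an affirmative act: a missing or unticked box is
        # "no", never a default "yes" (pre-ticked boxes are not valid consent).
        if form.get("consent") != "on":
            raise ValueError("no explicit consent given for " + purpose)
        rec = ConsentRecord(form["email"].strip().lower(), purpose, text,
                            datetime.now(timezone.utc))
        self._records.append(rec)
        return rec

    def withdraw(self, email: str, purpose: str) -> int:
        """Mark every live consent for this email/purpose as withdrawn."""
        now, n = datetime.now(timezone.utc), 0
        for r in self._records:
            if r.email == email.lower() and r.purpose == purpose and r.withdrawn_at is None:
                r.withdrawn_at, n = now, n + 1
        return n

    def has_consent(self, email: str, purpose: str) -> bool:
        return any(r.email == email.lower() and r.purpose == purpose
                   and r.withdrawn_at is None for r in self._records)

def pre_ticked(form_html: str) -> bool:
    """Audit helper: True if the consent checkbox is rendered already ticked."""
    tag = re.search(r'<input[^>]*name="consent"[^>]*>', form_html)
    return tag is not None and re.search(r'\bchecked\b', tag.group(0)) is not None
```

`pre_ticked` can be run over your own form templates as a quick audit; the ledger records are what you would produce if a complaint required proof of consent.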
Secure your site with an SSL cert – Having an SSL certificate means your website is using HTTPS to send data over an encrypted connection. This will ensure customers’ data is protected when they use and submit the enquiry form on your site; irrespective of GDPR, you should have this.
We hope that this has thrown a little more light on GDPR and your website. If you need any help in making sure that your website is gathering and storing information in compliance with GDPR, we’re happy to help.