Is your website ready for GDPR?
As most of you are probably already aware, General Data Regulations Protection (GDPR) is a new EU regulation being enforced on 25th May this year.
The aim of GDPR is to clamp down on the misuse of personal data by establishing a new set of rules on the collection, storage and use of data by companies. Any business that doesn’t adhere to these new rules could be facing a hefty fine, so it’s quite important you read on!
What does this mean for my website?
In a nutshell, you’re going to have to be extremely transparent across your site about what exactly your customers’ details are being used for. No more auto sign-ups to newsletters and absolutely no passing details over to third parties without a user’s proven consent.
We’ve included a guide here on the type of things you need to be considering for your site. However we’ll be in touch with our existing clients shortly to discuss specific requirements in more detail.
Clear labelling
Wherever you’re asking a user to input their details such as a contact form or newsletter sign-up, you need to outline specifically what you’re using these for. You’ll also need to request obvious consent – so no more presumptions with auto-ticked boxes!
Ability to view and withdraw data
It’s necessary that your users can view their data and every request has to be granted. They can also opt to withdraw their data at any time and if so, their information will need to be erased entirely from your database.
Informative Privacy Policy
Make sure you have a Privacy Policy on your site which clearly defines the following;
- How you’re storing and using any data that’s collected on your site.
- How users are able to submit a request to view their data.
- How users can ask to have their data completely erased from your company.
Data storage
We also advise giving your business an audit check to go through all the data your site collects. Is it all necessary? Some databases might be stored unencrypted which means they run the risk of information being exposed. Therefore we suggest only storing data from customers that you absolutely need.
Have a valid SSL certificate
You may remember a blog we posted towards the end of last year about ensuring your site has a valid SSL certificate to increase security.
Any site which doesn’t use HTTPS means data from your site could be sent unencrypted and up for grabs to third parties. This could result in a breach of GDPR, so we strongly recommend you get an SSL installed as soon as possible if you still don’t have one.
Does this only account for data collected on or after 25th May?
No , this also applies to any information you’ve gathered prior to 25th May – so we’d advise starting to look at your user data and email marketing lists now.
How does this affect email subscriptions?
Everyone in your email subscription lists will need to provide clear consent to receive future email marketing from you – including any existing subscribers.
You may have noticed some companies sending out an email asking if their contacts still want to hear from them. This is the type of thing we’ll be advising all of our clients to send out. Your users will have to actively say they’d like to continue to receive any future email communications from you. Anyone who says no or doesn’t reply will need to be removed from subscription lists.
We appreciate that this is a lot of information to take in! We’ll be contacting our clients directly on this over the coming weeks.
If you have any questions then don’t hesitate to get in touch – we’re always happy to help!