The General Data Protection Regulation (GDPR) came into effect on 25th May 2018. Despite the onslaught of emails sent to customers giving them the option to renew or withdraw consent to have information held – many websites are still not GDPR compliant – not even the ICO.
But don’t think you can get away with it! Those who are found to be breaking the rules of GDPR can be subject to warnings, temporary or permanent bans on data processing, and even fines. It also undermines the trust between you and your customers if your website doesn’t follow the accepted protocols.
Here are some key actions points in making sure your website is GDPR compliant:
Online contact forms
Any online contact forms you have will need a tick box for users to confirm that they accept your website terms and agree to be contacted via the details they’ve given. If you wish to send further marketing communications to your customer then this must be indicated with another tick box.
This would have been an important feature, already included on your website before launch, but GDPR makes this compulsory. You should also include information on how you intend to use the customer’s data you collect. If your website sends enquiries to other companies or partners then this should be clearly stated with the names of the partners displayed.
Website owners are also required to keep all data in a secure encrypted environment. Adding a https protocol will help you do this.
GDPR states cookies constitute personal data, as they can be used to identify an individual. You must obtain clear, specific consent from users to place cookies and track them. This is usually done with a pop up that appears on a user’s first visit that allows them to consent or decline. The options must be stated clearly for explicit consent, without setting a default answer (ie.accept).
Make sure your plugins comply too!
If your website enables financial transactions via a payment gateway you’ll need to modify your process to remove any personal information that has been held after a reasonable period. There is no explicit length of time given in GDPR regulations, but try to keep them only as long as is necessary.
For more tips on improvements, you can make to your website take a look at our blog or get in touch with us at firstname.lastname@example.org