How can I get my website GDPR compliant?

The General Data Protection Regulation (GDPR) came into effect on 25th May 2018. Despite the onslaught of emails sent to customers giving them the option to renew or withdraw consent to have their information held, many websites are still not GDPR compliant, not even the ICO's.

But don’t think you can get away with it! Those who are found to be breaking the rules of GDPR can be subject to warnings, temporary or permanent bans on data processing, and even fines. It also undermines the trust between you and your customers if your website doesn’t follow the accepted protocols.

Here are some key action points for making sure your website is GDPR compliant:


Online contact forms

Any online contact form you have will need a tick box for users to confirm that they accept your website terms and agree to be contacted via the details they’ve given. If you wish to send further marketing communications to your customer, this must be indicated with a separate tick box.
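The tick boxes only do their job if the server refuses a submission that lacks them and records what was actually agreed. The following is an added example, not code from the original post: a Node.js validator for a contact-form submission. It assumes two unticked boxes named accept_terms and marketing_opt_in plus a hidden policy_version field (all hypothetical names), and relies on the browser sending "on" for a ticked box and omitting the field entirely when it is unticked, so an absent field can never be read as consent.

```javascript
// Added example (not from the original post): server-side validation of a
// contact-form submission so that consent is explicit, separate and recorded.
// Field names (accept_terms, marketing_opt_in, policy_version) are hypothetical.

const TERMS_FIELD = "accept_terms";
const MARKETING_FIELD = "marketing_opt_in";

// A checkbox counts as ticked only if the browser sent an affirmative value.
// Missing, empty, "false" or "0" all mean no consent, so nothing is assumed.
function isTicked(value) {
  return value === "on" || value === "true" || value === "1";
}

// Returns { ok, errors, consent }. `consent` is the record to store with the
// enquiry: what was agreed, when, and which policy text the user was shown.
function validateContactSubmission(fields, now = new Date()) {
  const errors = [];
  const termsAccepted = isTicked(fields[TERMS_FIELD]);
  const marketingOptIn = isTicked(fields[MARKETING_FIELD]);

  if (!termsAccepted) {
    errors.push("You must accept the website terms to send this enquiry.");
  }
  if (!fields.email || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(fields.email)) {
    errors.push("A valid email address is required.");
  }
  if (!fields.message || !fields.message.trim()) {
    errors.push("A message is required.");
  }
  if (errors.length > 0) {
    return { ok: false, errors, consent: null };
  }

  return {
    ok: true,
    errors: [],
    consent: {
      email: fields.email,
      termsAccepted: true,
      // Marketing consent is a separate opt-in; it is never inferred from
      // accepting the terms, and defaults to false when the box is absent.
      marketingOptIn,
      policyVersion: fields.policy_version || "unknown",
      recordedAt: now.toISOString(),
    },
  };
}

// Constructed sample submissions (what the form handler would receive).
const tickedBoth = { email: "a@example.com", message: "Hi", accept_terms: "on",
  marketing_opt_in: "on", policy_version: "2019-09" };
const termsOnly = { email: "b@example.com", message: "Hi", accept_terms: "on",
  policy_version: "2019-09" };
const noTerms = { email: "c@example.com", message: "Hi", marketing_opt_in: "on" };

console.log(JSON.stringify(validateContactSubmission(tickedBoth)));
console.log(JSON.stringify(validateContactSubmission(noTerms)));
```

Storing the returned consent record (including the policy version) is what lets you later show which wording a customer agreed to, should they ask.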


Privacy policy

A privacy policy should already have been part of your website before launch, but GDPR makes it compulsory. It should also explain how you intend to use the customer data you collect. If your website passes enquiries to other companies or partners, this should be clearly stated, with the names of the partners displayed.


Handling data

Customers have a right to ask for their details to be removed from your website and database. You’ll need to ensure you can facilitate this, and inform customers, in your privacy policy or elsewhere on your site, that they have the right to do so.

Website owners are also required to keep all data in a secure, encrypted environment. Serving your site over HTTPS helps with this, as it encrypts data in transit between the browser and your server.


Obtain clear consent to use cookies

GDPR treats cookies as personal data, since they can be used to identify an individual. You must obtain clear, specific consent from users before placing cookies and tracking them. This is usually done with a pop-up on a user’s first visit that allows them to consent or decline. The options must be stated clearly so that consent is explicit, without a default answer (i.e. a pre-ticked “accept”).
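The "no default answer" rule is easy to break in code: a banner that is merely dismissed, or a stored value that cannot be read, must not count as acceptance. The following is an added example, not the original post's code, of a small consent gate in JavaScript that starts undecided, changes state only on an explicit accept or decline, treats anything unreadable or recorded under an older policy version as undecided, and loads tracking only once consent has been given. The names (createConsentManager, restoreConsent, loadTrackingIfAllowed) are hypothetical; it runs in Node without a browser.

```javascript
// Added example (not from the original post): a cookie-consent gate with no
// default answer. Only an explicit "accept" allows non-essential cookies.

const CONSENT_VERSION = 1; // bump when the cookie policy wording changes

function createConsentManager({ now = () => Date.now() } = {}) {
  // Start undecided: nothing is pre-selected on the user's behalf.
  let state = { decision: "undecided", decidedAt: null, version: CONSENT_VERSION };

  return {
    // Only the two explicit choices change the state; closing the banner,
    // scrolling past it, or any other value leaves it undecided.
    decide(choice, at = now()) {
      if (choice !== "accept" && choice !== "decline") return state.decision;
      state = { decision: choice, decidedAt: at, version: CONSENT_VERSION };
      return state.decision;
    },
    // Gate for anything that sets non-essential cookies (analytics, ads).
    mayTrack() {
      return state.decision === "accept";
    },
    // Strictly necessary cookies (session, CSRF token) need no consent.
    mayUseEssential() {
      return true;
    },
    snapshot() {
      return { ...state };
    },
    // Value for a first-party consent cookie. A decline is stored too, so the
    // banner is not shown again on every visit.
    serialize() {
      return JSON.stringify(state);
    },
  };
}

// Restore a previous decision from the stored cookie value. Anything
// unreadable, or recorded under an older policy version, stays undecided so
// the user is asked again rather than silently opted in.
function restoreConsent(stored, opts) {
  const manager = createConsentManager(opts);
  if (typeof stored !== "string") return manager;
  try {
    const parsed = JSON.parse(stored);
    if (parsed && parsed.version === CONSENT_VERSION &&
        (parsed.decision === "accept" || parsed.decision === "decline")) {
      manager.decide(parsed.decision, parsed.decidedAt);
    }
  } catch (_) {
    // malformed cookie: remain undecided
  }
  return manager;
}

// Run a tracking loader only when consent has been given; returns whether
// the loader ran, so callers can tell a gated script from a loaded one.
function loadTrackingIfAllowed(manager, loader) {
  if (!manager.mayTrack()) return false;
  loader();
  return true;
}

// Constructed walk-through: a fresh visitor, then a stored decision.
const visitor = createConsentManager();
console.log("fresh visitor may track:", visitor.mayTrack());
visitor.decide("accept");
console.log("restored decision may track:", restoreConsent(visitor.serialize()).mayTrack());
```

In a real page the loader would be the function that injects the analytics script tag; because it is only ever called through loadTrackingIfAllowed, there is no code path that sets a tracking cookie before the user has answered.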


Make sure your plugins comply too!

GDPR compliance can come down to the smallest detail, so don’t be caught out by forgetting to check your plugins. Many plugins also set cookies, so you’ll need to make sure this is disclosed in your privacy policy and subject to user consent.


Online payments

If your website enables financial transactions via a payment gateway, you’ll need to modify your process to remove any personal information once it has been held for a reasonable period. There is no explicit length of time given in the GDPR regulations, but try to keep it only as long as is necessary.
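One way to act on this is a scheduled job that strips the personal fields from payment records older than your chosen retention period while keeping the non-personal transaction details (reference, amount, date). The following is an added example, not code from the original post: the field names, the sample records and the 90-day period used in the demonstration are all constructed; the period itself should come from your own documented retention policy.

```javascript
// Added example (not from the original post): redact personal details from
// payment records held longer than a retention period. Field names and the
// retention period are hypothetical.

const PERSONAL_FIELDS = ["customerName", "email", "billingAddress", "phone"];
const DAY_MS = 24 * 60 * 60 * 1000;

// Returns a new array; input records are never mutated in place.
function redactExpiredPaymentData(records, retentionDays, now = Date.now()) {
  const cutoff = now - retentionDays * DAY_MS;
  return records.map((record) => {
    const created = Date.parse(record.createdAt);
    // A record with a missing or unparsable date cannot be shown to be within
    // the retention period, so it is redacted rather than kept by default.
    if (!Number.isNaN(created) && created > cutoff) return { ...record };
    const redacted = { ...record, redactedAt: new Date(now).toISOString() };
    for (const field of PERSONAL_FIELDS) delete redacted[field];
    return redacted;
  });
}

// Count how many records the job touched, for the job's own log line.
function countRedacted(records) {
  return records.filter((r) => r.redactedAt !== undefined).length;
}

// Constructed sample records: one old, one recent, one with no date.
const sampleRecords = [
  { id: "tx-1", amount: 1999, createdAt: "2019-01-10T12:00:00Z",
    customerName: "A. Person", email: "a@example.com" },
  { id: "tx-2", amount: 500, createdAt: "2019-09-01T12:00:00Z",
    customerName: "B. Person", email: "b@example.com" },
  { id: "tx-3", amount: 750, customerName: "C. Person" },
];

// Run as of a fixed (constructed) date with a hypothetical 90-day period.
const asOf = Date.parse("2019-09-15T00:00:00Z");
const result = redactExpiredPaymentData(sampleRecords, 90, asOf);
console.log(`redacted ${countRedacted(result)} of ${result.length} records`);
```

Redacting fields rather than deleting whole rows keeps the transaction history your accounts may still need while removing the parts that identify a person; if your record-keeping obligations differ, adjust PERSONAL_FIELDS and the period accordingly.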


For more tips on improvements you can make to your website, take a look at our blog or get in touch with us at

Posted: September 2019

Author: Slate
