How to make your website GDPR compliant

  • By Lucy Pepper

Are you ready for GDPR?

Have you begun to sort through and cleanse your digital customer data?

Will your website comply with the new GDPR regulations?

If you’ve answered no or you’re not sure about any of the above, we can help you become GDPR compliant online.

Since Friday 25 May 2018, all digital systems MUST include privacy by design.

Fail to do so and the fines are astronomical.

To make your website GDPR compliant you should:

  1. Conduct a personal data audit
  2. Analyse what you’re using the data for
  3. Review where the data is being stored
  4. Consider if you still need it


Create or update your Privacy Policy

The biggest part of GDPR is communicating to your online users how you’re collecting their data, and when and why you’re using it.

The best way to do this is to detail every place where personal data is used on a privacy policy page on your website.

It must be clear and concise and give your users a way to remove their data, if required.

In your Privacy Policy, you will also need to detail any applications you use to track user interaction.

Contact or enquiry forms need an active ‘opt-in’ option

Any forms or entry fields which invite users to leave their contact details must be blank or default to ‘no contact’ so that the user has to opt in to use them.

Different ‘opt-in’ settings for each communication type

Users must provide separate consent for each different type of data processing (post, email, telephone).

If data will be passed to a third party, permission must also be sought at this stage.

It must be easy to opt out or withdraw permission

Removing consent must be just as easy as it was to give it – and must be available at all times.

Name all parties who will use the data

Web forms must identify every party by name who will use the data for which consent is granted.

Cleanse online payment data

E-commerce sites which use a payment gateway for transactions must remove personal data after a reasonable period. GDPR legislation does not explicitly state the number of days; this is down to your own judgement as to what is reasonable and necessary.

How can we help you with GDPR?

As a business, it is your responsibility to make sure you are GDPR compliant.

Depending on the data you collect and how you use it, you may need to take some or all of the steps outlined above.

You’ll definitely need to create or update your Privacy Policy.

If required, we can help you...

Conduct a cookie audit: Detailing all the cookies used on your website, what they’re used for and links to any relevant external third-party sites (Twitter, Facebook, etc).

Create a page to direct customers to opt in to your marketing list: This will display a simple form and submit through to a provided email address to enable you to cleanse your existing customer data.

Amend any data entry forms on your site: To include opt-in tick boxes so that it is clear to users that they are consenting to receive marketing or promotional material.

Add a Privacy Policy: Provided by you, we can format it into your website’s current style.

To enlist our help and find out more, please call 01482 216006 to discuss your requirements.