How to make your website GDPR compliant

By Lucy Pepper

• Are you ready for GDPR?

• Have you begun to sort through and cleanse your digital customer data?

• Will your website comply with the new GDPR regulations?

If you’ve answered no or you’re not sure about any of the above, we can help you become GDPR compliant online.

From Friday 25th May 2018, all digital systems have to include privacy by design. Fail to do so and the fines are astronomical.

The maximum fine for non-compliance is 20m Euros or up to 4 per cent of your annual worldwide turnover - whichever is the greater.

As many businesses will already know, if you control or gather customer data it must only be processed and used when absolutely necessary.

To make your website GDPR compliant you should:

• Conduct a personal data audit

• Analyse what you’re using the data for

• Review where the data is being stored

• Consider if you still need it

6 steps you MUST take to make your website GDPR compliant

Create or update your Privacy Policy

The biggest part of GDPR is communicating to your online users how you’re collecting their data, and when and why you’re using it.

The best way to do this is to set out every place personal data is used on a privacy policy page on your website. It must be clear and concise and give your users a way to have their data removed, if required.

This must comply with The Information Commissioner’s Office (ICO) requirements and use GDPR terminology to clearly state (in a concise and transparent way) how data is gathered, used, stored and shared.

You will also need to list, in your Privacy Policy, any applications you use to track user interaction.

Contact or enquiry forms need an active ‘opt-in’ option

Any forms or entry fields which invite users to leave their contact details must be blank or default to ‘no contact’, so that the user has to actively opt in before you may use them.

Different ‘opt-in’ settings for each communication type

Users must provide separate consent for each type of data processing (post, email, telephone).

If data will be passed to a third party, permission must also be sought at this stage.

It must be easy to opt out or withdraw permission

Removing consent must be just as easy as it was to give it – and must be available at all times.

Name all parties who will use the data

Web forms must identify every party by name who will use the data for which consent is granted.

Cleanse online payment data

E-commerce businesses which use a payment gateway for transactions will need to modify their web processes to remove personal data after a reasonable period. GDPR legislation does not explicitly state the number of days; it is down to your own judgement as to what is reasonable and necessary.
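As an added illustration (not code from the original article or its author), here is a small Python consent ledger that enforces the six steps above: every opt-in box starts unticked, consent is recorded per channel, the parties who will use the data must be named, withdrawal is a single call available at any time, and card-holder details are dropped from payment records once a retention window has passed. The channel names, record fields, sample data and the 365-day retention figure are assumptions for the example, not values given by the article or by GDPR.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

CHANNELS = ("post", "email", "telephone")  # one separate opt-in per channel


@dataclass
class Consent:
    channel: str
    recipients: Tuple[str, ...]   # every party named on the form who will use the data
    granted_at: datetime
    withdrawn_at: Optional[datetime] = None


def form_defaults() -> Dict[str, bool]:
    """Every opt-in box is rendered unticked: an untouched form never yields consent."""
    return {ch: False for ch in CHANNELS}


class ConsentLedger:
    def __init__(self) -> None:
        self._consents: Dict[str, List[Consent]] = {}

    def record_submission(self, user: str, ticked: Dict[str, bool],
                          recipients: Tuple[str, ...], now: datetime) -> List[str]:
        """Store one consent per channel the user actively ticked; reject unnamed recipients."""
        if not recipients:
            raise ValueError("form must name every party that will use the data")
        granted = [Consent(ch, recipients, now) for ch in CHANNELS if ticked.get(ch)]
        self._consents.setdefault(user, []).extend(granted)
        return [c.channel for c in granted]

    def withdraw(self, user: str, channel: str, now: datetime) -> None:
        """Withdrawal is as easy as giving consent: one call, effective immediately."""
        for c in self._consents.get(user, []):
            if c.channel == channel and c.withdrawn_at is None:
                c.withdrawn_at = now

    def may_contact(self, user: str, channel: str) -> bool:
        return any(c.channel == channel and c.withdrawn_at is None
                   for c in self._consents.get(user, []))


def purge_payment_data(orders: List[dict], now: datetime, retention_days: int) -> List[dict]:
    """Strip card-holder details from orders older than the retention window; keep id and amount."""
    cutoff = now - timedelta(days=retention_days)
    personal = ("cardholder", "billing_address")
    return [{k: v for k, v in o.items() if k not in personal} if o["paid_at"] < cutoff else o
            for o in orders]


# Constructed sample data, not taken from any real system.
SAMPLE_NOW = datetime(2018, 5, 25, tzinfo=timezone.utc)
SAMPLE_ORDERS = [
    {"id": 1, "amount": 10, "cardholder": "A", "billing_address": "x", "paid_at": SAMPLE_NOW - timedelta(days=400)},
    {"id": 2, "amount": 5, "cardholder": "B", "billing_address": "y", "paid_at": SAMPLE_NOW - timedelta(days=10)},
]
```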

How can we help you with GDPR?

As a business, it is your responsibility to make sure you are GDPR compliant.

Depending on the data you collect and how you use it, you may need to take some or all the steps outlined above. And you’ll definitely need to create or update your Privacy Policy.

We can help you to:

• Conduct a cookie audit - detailing all the cookies used on your website, what they’re used for and links to any relevant external third-party sites (Twitter, Facebook, etc).

• Create a page to direct customers to opt in to your marketing list - this will display a simple form and submit through to a provided email address to enable you to cleanse your existing customer data.

• Amend any data entry forms on your site to include opt-in tick boxes to ensure it is clear to users that they are consenting to receive marketing or promotional material.

• Add a Privacy Policy - provided by you - and format into your website’s current style.

• Send out a mass ‘opt-in’ email to your existing marketing list – an optional extra to try to retain as much customer data as possible.

To enlist our help and find out more, please call 01482 216006 to discuss your requirements now!