GDPR and your website

Are you ready for GDPR?

On May the 25th a new regulation in EU law called GDPR is coming into effect. More information about it can be found here: https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

To make your website comply with this legislation, it may be worth reviewing your website privacy policy (if you have one). A good example of a compliant policy can be found here: https://gov.wales/privacy_policy/?lang=en. Also, if you google ‘gdpr website privacy policy’ there are lots of useful resources to help you out.

Another thing you may wish to consider is installing a cookie consent popup to notify your users that you may set some cookies. If you would like a hand with this, drop us a line and we can set this up for you.

Here is a list of website updates to ensure you are GDPR compliant:

  • Inform visitors about your website’s intentions to collect their information: This is best achieved through the addition of a ‘privacy policy’ page, and should explain the type of data you’ll use and why. The length of time that data will be held must be declared to meet the GDPR regulations too.
  • List ALL types of data being collected by the site, and whether they allow third-party access: With less data collected, you’ll be at reduced liability should a breach occur. We recommend doing this in a website footer file called ‘Cookies’.
  • Embrace data encryption as it is a central part of your data protection strategy: An SSL certificate is the minimum website requirement needed to protect the stored data on your website server.
  • Set all ‘consent forms’ to be unchecked by default so that users must actively opt-in: These forms must be separate from normal terms and conditions. The fact that visitors must provide confirmation keeps your site compliant with the GDPR rulings.
  • Disclose details regarding Data Protection Officers or people that can access any user details: Aside from making this clear for all users, you must provide an easy point of access so that they can make inquiries related to their personal data being stored in a database.
  • Understand the ‘Right to be Forgotten’ regulations and have a plan in place: Users have the right to delete their details from your site, but doing this manually can be time-consuming. Being ready to do this automatically and in a timely manner is key. We recommend a new policy in your website footer called ‘Terms of Use’.
  • Extend your data protection facilities to mobile websites and Apps, should you have them: These facilities now account for over half of all online interactions. The GDPR stipulates that data collection rules must, therefore, be present with those features.
  • Know how to act if a breach of data does occur on your website: From contacting the right authorities to filling in the right forms, it’s vital that you are ready to act fast. Otherwise, you will fall short of the GDPR requirements.

If you need any help with GDPR just drop us a line here

You will be getting our “opt in” email soon. Remember to opt in so you don’t miss out on any zeal news.