Make your website GDPR Compliant

On 25th May 2018, the General Data Protection Regulation, more commonly known as GDPR, will come into effect.  The legislation may only be enforceable from 25th May, but now is the time to get your website organised.  The fines are set to be sizeable: the maximum penalty is an eye-watering €20 million or 4% of worldwide annual turnover, whichever is higher!  As a disclaimer, this article is NOT about how to get your whole business organised to meet the rules, just your website!  It's not the only area of your business that you need to consider, but it's the one we know best, so here is a quick guide to what you need to do:

  1. Get Consent
    If you collect data, whether it's emails for a newsletter or customer addresses for a purchase, you need specific permission to use it for anything other than the purpose it was given for.  For instance, getting someone's email address from a purchase does not mean you can send them marketing emails!  You must get explicit, opt-in permission before you can send someone marketing.  That could mean adding a 'tick this box to consent' type field to your checkout process.  The box must be unticked by default, because a pre-ticked box does not count as consent under GDPR, and you should keep a record of when and how each customer consented, because you have to be able to prove it.
  2. Cookies
    You can still use cookies.  They are necessary for certain websites and valuable to others, so this is great news, but you must have an acceptance notice on your website that explains what your cookies do, and cookies that are not strictly necessary for the site to work (analytics and advertising cookies, for example) should not be set until the visitor has agreed.
  3. Privacy Policy
    You may need to rewrite your privacy policy to comply with GDPR.  It must be easy to understand, with no jargon, and it must tell people who you are, what data you collect, why you collect it and on what legal basis, how long you keep it, who you share it with, and what rights they have (including the right to complain to the regulator).  These are the things the Regulation itself requires you to state.
  4. Understand who has access to your data
    You need to know who has access to the data in your website.  Make a list, and remove anyone who does not need access to this data.  If an external supplier handles it (your hosting company or your email marketing tool, for example), you are the data controller and they are a data processor: you remain responsible for how they manage the data, and GDPR requires a written contract with them setting out what they may do with it.  Make sure they are compliant too.  If they aren't, look for a supplier who is!
  5. Understand how to delete the data from your website
    If you do not know how to permanently remove data that is no longer needed from your website, get in touch with your developers.  You need to have a plan in place for this, because you cannot hold on to personal data for any longer than is necessary for the purpose you collected it, and individuals can ask you to erase their data.  Remember that the data may also live in backups, exports and your suppliers' systems, so 'permanently' has to cover those too.
  6. Make sure the data is encrypted
    An SSL (now TLS) certificate, which gives you the https:// address and the little padlock sign, used to be a 'nice to have'.  It gave you a boost in Google and it helped people feel comfortable using your website.  Now you must have it if you are accepting any data through your website, because it encrypts the data in transit between the visitor's browser and your server.  Make sure every page that takes input is served over https:// and that plain http:// requests are redirected to it.  Note that HTTPS only protects data on its way to you: the data stored in your website's database also needs protecting, with access controls and with encryption where your developers can apply it.
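Items 1 and 5 above are the two that usually end up as code in the website itself, so here is an added example of how they look in practice.  It is not code from this article or from Kuka Studios; it is a small Python customer store written for illustration.  Marketing consent is only recorded as given when the checkout checkbox was actually ticked (a missing or pre-ticked field never counts), every consent decision is stored with a timestamp, its source and the version of the privacy text the customer saw, and erasure permanently blanks the personal fields.  The field names, the policy version string and the in-memory dictionary standing in for the database are all assumptions made for the example.

```python
# Added example, not code from the Kuka Studios article: a minimal customer
# store showing checklist items 1 (consent) and 5 (deletion) in working code.
# Field names, the policy version string and the dict "database" are all
# assumptions made for this example.
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Assumed identifier for the version of the privacy text the customer saw.
PRIVACY_POLICY_VERSION = "2018-05"


@dataclass
class ConsentRecord:
    """Proof of a consent decision. GDPR requires the controller to be able to
    demonstrate that consent was given, so the when, what and where are kept."""
    granted: bool
    policy_version: str
    recorded_at: datetime
    source: str  # where the decision was taken, e.g. "checkout form"


@dataclass
class Customer:
    customer_id: int
    email: Optional[str]
    address: Optional[str]
    marketing_consent: Optional[ConsentRecord]
    erased: bool = False


def marketing_consent_from_form(form: Dict[str, str], source: str) -> ConsentRecord:
    """Derive the marketing decision from the submitted form fields.

    Browsers only send a checkbox field when it is ticked, so a missing
    'marketing_opt_in' field means no consent. The box must be rendered
    unticked: a pre-ticked box is not valid consent, so this never defaults
    to True and treats anything other than an explicit "on" as a no.
    """
    granted = form.get("marketing_opt_in") == "on"
    return ConsentRecord(granted, PRIVACY_POLICY_VERSION,
                         datetime.now(timezone.utc), source)


class CustomerStore:
    """In-memory stand-in for the website's customer table (assumed)."""

    def __init__(self) -> None:
        self._customers: Dict[int, Customer] = {}
        self._next_id = 1

    def register_from_checkout(self, form: Dict[str, str]) -> Customer:
        """Create a customer from a purchase. The email is collected for the
        order; it is only usable for marketing if the box was ticked."""
        customer = Customer(
            customer_id=self._next_id,
            email=form["email"],
            address=form["address"],
            marketing_consent=marketing_consent_from_form(form, "checkout form"),
        )
        self._customers[customer.customer_id] = customer
        self._next_id += 1
        return customer

    def get(self, customer_id: int) -> Optional[Customer]:
        return self._customers.get(customer_id)

    def may_send_marketing(self, customer_id: int) -> bool:
        """The single place every mailing job should ask before sending."""
        c = self._customers.get(customer_id)
        return bool(c and not c.erased and c.marketing_consent
                    and c.marketing_consent.granted)

    def withdraw_marketing_consent(self, customer_id: int) -> bool:
        """Withdrawal must be as easy as consenting. Record the withdrawal as a
        new decision rather than silently dropping the old record."""
        c = self._customers.get(customer_id)
        if c is None or c.erased:
            return False
        c.marketing_consent = ConsentRecord(False, PRIVACY_POLICY_VERSION,
                                            datetime.now(timezone.utc),
                                            "unsubscribe link")
        return True

    def marketing_recipients(self) -> List[str]:
        """Only addresses with a current, positive consent record."""
        return [c.email for c in self._customers.values()
                if self.may_send_marketing(c.customer_id)]

    def erase_customer(self, customer_id: int) -> bool:
        """Permanently remove the personal data (storage limitation or an
        erasure request). The row is kept with its fields blanked rather than
        deleted, so an assumed orders table that references customer_id still
        resolves but no longer leads back to a person."""
        c = self._customers.get(customer_id)
        if c is None:
            return False
        c.email = None
        c.address = None
        c.marketing_consent = None
        c.erased = True
        return True
```

To use it, pass the checkout form fields to `register_from_checkout`; a customer who bought something without ticking the box will never appear in `marketing_recipients()`, and `erase_customer` is what your "delete data that is no longer needed" plan would call.  In a real site the same blanking has to be applied to backups, exports and any supplier that received the data, which this in-memory example cannot show.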

This is not a complete list.  If you are in any doubt about how to become GDPR compliant, read the full text of the Regulation itself (Regulation (EU) 2016/679), which is published on the EU's website.  Oh, and don't think that GDPR will stop applying when the UK leaves the EU!  The Queen's Speech in 2017 announced a Data Protection Bill that writes the GDPR standards into UK law, so they will continue to apply following the country's withdrawal from the European Union.

BUT if this is all gibberish to you, and you need some help getting your website compliant – don’t panic.  Get in touch with Kuka Studios.  Even if we did not build your website, we can help.  The deadline is approaching, so don’t delay!
