GDPR and your website

One thing is for certain: a new Government regulation applying to all businesses across Europe creates a whole industry writing furiously on the topic! By now, I’m sure you will have been inundated with copious publications on all things GDPR related, and will already have reviewed how this will directly impact on every aspect of your business. If not, now’s the time to take a look at the ICO website and find out what it’s all about.
Of course we, as I’m sure you do too, wholeheartedly agree with the principle that creating a more rigorous regulation to protect the rights of individuals to determine how and where their data is used can only be a good thing.  Meanwhile, severely penalising those not promoting security, privacy and safeguarding of personal data is of benefit to us all.
The reality is that we all need to make sure we’re ready to adhere by the time it comes into force. 25th May – that’s the date we all have in our diaries.
The old adage ‘Honesty is the best policy’ certainly rings true with GDPR. Being both a data controller of our own data and a processor of many of our clients’ customers’ data, we have always believed in protecting this information on their behalf. We ensure our clients have obtained this data legally and will use it purely for a specific, stated purpose which is known to the data owner. There’s no more buying data, no more obtaining details for one purpose and using them for another or passing them on. The use of data must now be open, upfront and transparent. That’s the theory, but what do I actually need to do to my website?

Here are our top 5 tips on areas we’d recommend you take a look at*:

  1. Privacy policy – haven’t got one? This should be your first priority! If you’ve got one but not updated it recently you’ll probably want to review it. More information about what to include in your privacy policy can be found on the ICO website.
  2. Cookies policy – let your visitors know why these are used and how visitors can adjust these with a visible cookie notice and link to the policy.
  3. Forms on your website – Any form on your website, from a simple single field ‘join our mailing list’ through to a multiple field form, needs to have your privacy policy clearly shown. You should aim to only collect the data you need. If you want to communicate with visitors beyond the reason of contact, you’ll need to ask their permission by letting them ‘opt in’ to future communications, making it very clear what they will be receiving.
  4. Live chat – If your website has an online chat function, add a custom message and a link to your privacy policy.
  5. Your existing subscribers – it’s also necessary to ask all your subscribers (such as people on your email list) to re-confirm that they wish to stay on your list, whilst specifying exactly what their details will be kept for. True, your subscriber lists will diminish before your very eyes but it’s all for the good in the end, and don’t forget, it’s always nice to say thanks to those who choose to stay.

*Please note we are not GDPR advisors and recommend seeking comprehensive legal advice to ensure that all aspects of your business are GDPR compliant.