What does a website need to be GDPR compliant?
May has arrived, bringing bank holidays galore, the royal wedding and new data regulation in the form of the GDPR!
The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018, aiming to strengthen and harmonise data protection within the European Union. The rules it replaces, the 1995 Data Protection Directive, are badly out of date; 1995 was before social media existed!
Data privacy is the buzzword surrounding the GDPR: consumers must be able to easily find out:
- The purpose for which their data is collected
- Their privacy rights
- The way in which their data will be used, stored and retained.
The GDPR will allow consumers much more control over their data and will give businesses strict boundaries they must adhere to.
Websites are significant gatherers of data; fundamentally, data is what fuels them. That’s why, when the GDPR comes into play, your website might be what catches you out if you are not gathering and storing the data it generates correctly.
Our website designs aren’t just pretty on the outside. Our web developers are working to ensure all of our clients’ websites are fully GDPR compliant, as well as beautifully designed. There are 14 things a website needs to be GDPR compliant, from cookies to pseudonymisation. Sounds complicated? Let us make it simple for you.
Here’s our 14 Step GDPR website checklist!
Cookie policy page
A page on your website that states what cookies are used on the site, both your own and those set by third parties, what data you capture with them and what you do with it.
Cookie & privacy popup notice
Transport Layer Security (TLS) certificate, still widely called an SSL certificate. It is installed on your hosting so the server can prove its identity to the visitor’s browser and encrypt the connection; this is what makes the browser show the padlock symbol (and, in some browsers, a green address bar). The purpose is that everything typed into a form or field on the website is encrypted in transit between the browser and your server, so it cannot be read or altered on the way. Note that the certificate only protects the connection: every page, including the page that hosts the form, must be served over HTTPS, and the data still needs protecting once it reaches your server.
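Having a certificate installed is not the same as using it. The following is an added example (not code from this page or from the agency) of the server-side behaviour a practitioner would put behind the certificate: a small Python WSGI middleware that sends plain-HTTP requests to their HTTPS equivalent and adds an HSTS header to HTTPS responses, so browsers stop loading the site over HTTP at all and a form can never be submitted in cleartext. The `contact_form` application, the host name `www.example.com` and the `call` helper are hypothetical and exist only so the example runs offline.

```python
from urllib.parse import quote

# Added example, not the page's own code. One year, covering subdomains, is a
# common HSTS value; adjust once you are sure every subdomain serves HTTPS.
HSTS_VALUE = "max-age=31536000; includeSubDomains"


def enforce_https(app):
    """Wrap a WSGI app so that plain-HTTP requests are redirected to HTTPS and
    every HTTPS response carries a Strict-Transport-Security header."""

    def wrapper(environ, start_response):
        if environ.get("wsgi.url_scheme") != "https":
            host = environ.get("HTTP_HOST", "localhost")
            path = quote(environ.get("PATH_INFO", "/"))
            query = environ.get("QUERY_STRING", "")
            location = f"https://{host}{path}" + (f"?{query}" if query else "")
            # A redirect cannot un-send a body that already travelled in cleartext,
            # so the form page itself must be HTTPS, not only its action URL.
            start_response("301 Moved Permanently",
                           [("Location", location), ("Content-Length", "0")])
            return [b""]

        def start_with_hsts(status, headers, exc_info=None):
            headers = [(k, v) for k, v in headers
                       if k.lower() != "strict-transport-security"]
            headers.append(("Strict-Transport-Security", HSTS_VALUE))
            return start_response(status, headers, exc_info)

        return app(environ, start_with_hsts)

    return wrapper


def contact_form(environ, start_response):
    """Hypothetical application endpoint serving the enquiry form."""
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [b"<form method='post' action='/enquiry'>...</form>"]


def call(app, scheme, path, query=""):
    """Run one request through a WSGI app offline; return (status, headers, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, dict(headers)

    environ = {"wsgi.url_scheme": scheme, "HTTP_HOST": "www.example.com",
               "PATH_INFO": path, "QUERY_STRING": query, "REQUEST_METHOD": "GET"}
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    secured = enforce_https(contact_form)
    print(call(secured, "http", "/contact", "ref=newsletter")[:2])
    print(call(secured, "https", "/contact")[:2])
```

The middleware trusts only `wsgi.url_scheme`; if the site sits behind a load balancer that terminates TLS, the proxy header it sets (commonly `X-Forwarded-Proto`) should be honoured only from that proxy’s address, otherwise any client can claim to be on HTTPS.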
Pseudonymisation or anonymisation
Under the GDPR, pseudonymisation means processing personal data so that it can no longer be attributed to a specific person without additional information, and keeping that additional information (for example a key or a lookup table) separately, protected by technical and organisational measures. In website terms, the records the site works with day to day carry a token rather than a name or e-mail address, and the table that links tokens back to real people is stored elsewhere with restricted access. Pseudonymised data is still personal data under the GDPR; only anonymised data, from which nobody can be re-identified, falls outside it. You will need to speak to a web developer about planning this change as it will take time, planning and a budget.
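To make the distinction concrete, here is an added example in Python (not code from this page or the agency) of pseudonymising a small customer table. It uses a keyed HMAC token rather than a plain hash, because e-mail addresses are guessable and an unkeyed hash can be reversed with a dictionary; the key and the re-identification table are the “additional information” that must be stored apart from the data. The customer records are constructed for the demonstration, and the function names are the example’s own.

```python
import hashlib
import hmac
import secrets

# Constructed sample customer records for the demonstration; not real people.
CUSTOMERS = [
    {"email": "alice@example.com", "name": "Alice Example", "orders": 3},
    {"email": "bob@example.org", "name": "Bob Example", "orders": 1},
    {"email": "carol@example.net", "name": "Carol Example", "orders": 7},
]


def plain_hash(email: str) -> str:
    """Unkeyed SHA-256 of an e-mail address. It looks pseudonymous, but because
    addresses are guessable it can be reversed by hashing a list of candidates."""
    return hashlib.sha256(email.strip().lower().encode()).hexdigest()


def keyed_token(email: str, key: bytes) -> str:
    """HMAC-SHA256 token. Without the key nobody can link it back to the address."""
    return hmac.new(key, email.strip().lower().encode(), hashlib.sha256).hexdigest()


def pseudonymise(records, key: bytes):
    """Split each record into a row the application keeps working with and a
    lookup entry that re-identifies it. The key and the lookup table are the
    'additional information' of GDPR Art. 4(5) and must be kept apart from the rows."""
    rows, lookup = [], {}
    for rec in records:
        token = keyed_token(rec["email"], key)
        rows.append({"user_id": token, "orders": rec["orders"]})
        lookup[token] = {"email": rec["email"], "name": rec["name"]}
    return rows, lookup


def reidentify(row, lookup):
    """Authorised re-identification: possible only for whoever holds the lookup table."""
    return lookup[row["user_id"]]


def anonymise(records):
    """Anonymisation is irreversible: identifiers are discarded and only
    aggregates remain, so the result is no longer personal data."""
    return {"customers": len(records), "orders": sum(r["orders"] for r in records)}


def dictionary_attack(tokens, candidate_emails, derive):
    """Try to reverse tokens by deriving the token of each guessed address and
    matching. Returns {token: recovered_email} for every hit."""
    table = {derive(e): e for e in candidate_emails}
    return {t: table[t] for t in tokens if t in table}


def demo():
    """The same guess list reverses every plain hash but no HMAC token when the
    attacker does not hold the real key."""
    real_key = secrets.token_bytes(32)      # lives in a secrets manager, never beside the data
    attacker_key = secrets.token_bytes(32)  # models an attacker who has to guess the key
    rows, lookup = pseudonymise(CUSTOMERS, real_key)
    guesses = [c["email"] for c in CUSTOMERS] + ["dave@example.com"]
    weak = dictionary_attack([plain_hash(c["email"]) for c in CUSTOMERS], guesses, plain_hash)
    strong = dictionary_attack([r["user_id"] for r in rows], guesses,
                               lambda e: keyed_token(e, attacker_key))
    return {
        "plain_hash_recovered": len(weak),
        "hmac_recovered": len(strong),
        "reidentified_first_row": reidentify(rows[0], lookup)["email"],
        "anonymised": anonymise(CUSTOMERS),
    }


if __name__ == "__main__":
    print(demo())
```

The design point is where the key lives: if it is stored in the same database as the rows, a single breach hands the attacker everything and the pseudonymisation has bought nothing. Keep the key (and the lookup table) under separate access controls, and rotate the key only with a migration plan, since tokens change with it.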
Newsletter sign-up
If users can sign up on your website to receive a newsletter from you, whether you send it out one at a time from your desktop email app or from a system such as Mailchimp, you need to make sure the tick box that handles the subscription is unticked by default, so the user has to OPT IN rather than opt out. A pre-ticked box does not count as consent under the GDPR.
User account creation
If your website is an eCommerce site or allows a user to set up an account for access to services behind a login area, you will need to ensure that you have the TLS/SSL certificate installed and also work towards storing the account data in pseudonymised form.
Enquiry & contact form
If your website has an enquiry form for people to send you messages, you need to adhere to the GDPR strictly, as the data submitted (names, e-mail addresses, phone numbers and the message itself) is personal data: state what it will be used for, send it only over HTTPS, and keep it no longer than you need it. Skilled web developers can help you with this.
Email
Whilst not strictly website-related, all email services, and the storage of email from everyone you correspond with, must comply with the DPA (Data Protection Act) and the GDPR. In short, store your email data securely, use good anti-virus applications, and archive or completely delete email you no longer need. Also have a Data Retention policy: a statement of how your organisation stores data and for how long before it is deleted.
Social media account connection
Using social media sites for your organisation also falls under the GDPR. Whilst you do not need to seek permission from each person who ‘likes’ your page or ‘follows’ you, you do need to ensure that any information gathered directly from people you interact with on these sites is handled in accordance with the GDPR.
Google Analytics and tracking
Failing to comply with the GDPR could be very costly, and it is widely expected that a large corporation will be made an example of to prove the point. Fines for the most serious breaches are up to €20 million or 4% of annual global turnover, whichever is higher. That’s why it’s important to act now.
Get in touch with us if you’d like us to run a free, super quick GDPR check on your website or if you have any questions.