Making Your Website GDPR Compliant
You may be aware of the GDPR – the new European General Data Protection Regulations which come in to force on the 25th May 2018.
If you haven’t already addressed GDPR in your organisation, here is some information to help you.
Disclaimer – We’re not lawyers, and the information provided here is intended to be used as a guide. If you require legal advice regarding GDPR please seek it from a professional legal source.
GDPR – What is required to make my website compliant?
In a nutshell, here is what is required for you to do to make your website compliant:
- Ensure you have an up to date privacy policy that can be linked to on your site and contains a clear and transparent explanation of the ways in which you collect, store and process personal information. It is your responsibility to create a privacy policy that relates to your church, charity, ministry or business and the ways in which you operate. If you would like help with creating a policy, please contact us and we can provide you with a good template to get you started.
- Ensure that forms that collect personal information explicitly state why the information requested is being collected. Link to the privacy policy. Provide a checkbox for the user to indicate consent is given. If you’re not collecting and storing personal information, this isn’t always required, (for example anonymous polls, surveys or forms whose fields can’t be used to identify an individual.)
- Provide distinct methods of giving consent for each different way you will process information from a form. In other words, if you want to use someone’s personal data to a) interact with them to provide services they have requested, as well as b) contact them in a marketing capacity, they must be able to provide separate specific consent for each of these purposes. You can’t lump all the consents into one check box. Likewise, if you want to use several methods of communicating with users, such as email, phone, and SMS – you will need to get consent for each of these methods with separate checkboxes.
- Provide ways for your website users to view their stored personal information or request it to be anonymised or deleted. The GDPR sets out requirements for individuals to have great access and control over the data that organisations hold. So it’s important that users can withdraw consent as easily as they gave it. There are software plugins available that make it easy for users to see what consents they have given to you and request to view or remove them. Please contact us if you would like help configuring this functionality.
- If your site doesn’t have a clear cookie notice yet, you’ll need one. Contact us if you’d like help setting this up.
This is a brief summary of the kinds of things you will need to do to make your website compliant with the GDPR. It doesn’t mean that just because your website is compliant, that the rest of your organisation is – you will need to address the ways in which you handle data throughout your organisation, including the ways in which you deal with personal information offline.
Here are some good resources on GDPR to help you…