Making Your Website GDPR Compliant
You may be aware of the GDPR – the new European General Data Protection Regulation, which comes into force on the 25th May 2018.
If you haven’t already addressed GDPR in your organisation, here is some information to help you.
Disclaimer – We’re not lawyers, and the information provided here is intended to be used as a guide. If you require legal advice regarding GDPR please seek it from a professional legal source.
GDPR – What is required to make my website compliant?
In a nutshell, here is what you need to do to make your website compliant:
- Provide distinct methods of giving consent for each different way you will process information from a form. In other words, if you want to use someone’s personal data to a) interact with them to provide services they have requested, as well as b) contact them in a marketing capacity, they must be able to provide separate, specific consent for each of these purposes. You can’t lump all the consents into one checkbox. Likewise, if you want to use several methods of communicating with users, such as email, phone, and SMS – you will need to get consent for each of these methods with separate checkboxes.
- Provide ways for your website users to view their stored personal information or request that it be anonymised or deleted. The GDPR sets out requirements for individuals to have greater access to, and control over, the data that organisations hold. So it’s important that users can withdraw consent as easily as they gave it. There are software plugins available that make it easy for users to see what consents they have given to you and request to view or remove them. Please contact us if you would like help configuring this functionality.
- If your site doesn’t have a clear cookie notice yet, you’ll need one. Contact us if you’d like help setting this up.
This is a brief summary of the kinds of things you will need to do to make your website compliant with the GDPR. A compliant website does not mean that the rest of your organisation is compliant – you will need to address the ways in which you handle data throughout your organisation, including the ways in which you deal with personal information offline.
Here are some good resources on GDPR to help you…