How to prepare your website for GDPR
As you probably know, on 25th May 2018 the EU's new data protection law, the GDPR (General Data Protection Regulation), comes into force.
What is GDPR?
In relation to websites, the GDPR is about protecting your customers' data - their name, address, telephone number, email, etc. It's a good law in that it gives consumers more protection from companies that exploit their customers' data for their own gain. This could include bombarding them with unwanted news emails and offers, or selling their data to other companies or individuals without permission.
It's pretty obvious what you need to do but some companies are nervous about getting it wrong and there are penalties for those who don't comply.
Preparing for GDPR compliance
Here's a quick to do list that should help you on your way to being compliant.
- Contact the ICO for the details to ensure you are compliant in all areas (it's your responsibility). See the ICO's "Preparing for GDPR" guidance.
- Speak to a solicitor about your internal policies and procedures
- Ask an IT company about your computer system security and backups
- Talk to us - your local web developers - about your website, website backups and website security, especially if you have online forms requesting users' details, or eCommerce or catalogue websites that store data.
Website Security
Website security is very important - not just for your customers' data but for your website as a whole. You need to protect it from hackers trying to wriggle in and get that data, or dishonest SEO companies trying to use your website for their own gain (this happens with unprotected, out-of-date WordPress websites - no surprise there! - and with sites running old, out-of-date code). But don't worry - we're here to help (that's our job, and we love it!)
Impact of GDPR on websites
If your website collects any type of customer data, such as email addresses from an enquiry form that feeds a database, or any other personal information, you need to let customers ask you to delete their data from your records, or at the very least to stop using it for marketing. Be sensible and responsible with users' details. It's best not to build a mailing list from details customers have sent through a website enquiry form, but if you do, make sure your privacy policies (including those on your website) are in line with GDPR. If you want a mailing list, have a proper mailing list subscribe form added to your website: users can then also 'unsubscribe', and it means those people have voluntarily added themselves to your list.
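As an added illustration (not code from this article or from the author's company), here is a minimal contact store that separates enquiry-form details from opted-in subscribers, records when consent was given, honours unsubscribe requests and deletes a record on request. The class and field names are assumptions chosen for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional


@dataclass
class Contact:
    email: str
    name: str
    source: str                      # "enquiry_form" or "subscribe_form"
    marketing_consent: bool = False  # only True when the person opted in
    consent_recorded_at: Optional[datetime] = None


class ContactStore:
    """Keeps website contacts and only mails those who gave consent."""

    def __init__(self) -> None:
        self._contacts: Dict[str, Contact] = {}

    def record_enquiry(self, email: str, name: str) -> None:
        # Enquiry details are kept to answer the enquiry; no marketing consent.
        self._contacts[email] = Contact(email, name, "enquiry_form")

    def subscribe(self, email: str, name: str) -> None:
        # Subscribe form: the visitor opted in, so record consent and when.
        self._contacts[email] = Contact(
            email, name, "subscribe_form", True, datetime.now(timezone.utc))

    def unsubscribe(self, email: str) -> bool:
        # Withdraw consent but keep the record (e.g. to answer an open enquiry).
        contact = self._contacts.get(email)
        if contact is None:
            return False
        contact.marketing_consent = False
        return True

    def erase(self, email: str) -> bool:
        # Deletion request: remove the record entirely.
        return self._contacts.pop(email, None) is not None

    def has(self, email: str) -> bool:
        return email in self._contacts

    def mailing_list(self) -> List[str]:
        # Only addresses with recorded consent may receive marketing emails.
        return sorted(c.email for c in self._contacts.values()
                      if c.marketing_consent)
```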
See also: GDPR Compliance for Small Businesses and GDPR data protection laws
Written by Kirsty Paget