GDPR website compliance – General Data Protection Regulation



GDPR (2016/679) – the General Data Protection Regulation was agreed by the European Commission in January 2012 after 4 years of deliberations. It is the data privacy law which comes into effect on May 25th 2018 (or 9th January for financial firms) and replaces the 1995 Data Protection Directive. Failure to comply will carry very large fines, imposed by the Data Protection Commissioner. It is all about personal rights, security and protecting any identifiable person's data, such as email address, name, address, postcode etc., to avoid spamming or abuse or much worse, such as illegal access to bank accounts. This ‘personal data’ is also referred to as ‘data subject’.

GDPR governing websites and mailing lists

GDPR website compliance – our focus is obviously on how GDPR affects us and our own SME clients, with regard to the data we already hold and any data we may intend to hold in the future. Yes, this legislation is aimed at large corporations and unscrupulous marketers, but it affects small businesses too. We will curate this article to keep it up to date with any useful advice and tips, to help you become and stay compliant. There is no need to panic immediately. Meantime, someone does need to take responsibility for this, to ensure your compliance. Check what data you hold, apply new measures to be compliant, and update your terms and conditions and Privacy Policy on your website. You may be asked to produce a copy of any data held by you. Any breach of your data should be notified to the relevant data protection authorities and possibly the persons affected. Failure to comply can lead to fines of 4% of turnover or up to €20 million, whichever is greater. The main thing to remember is that you need to be up front and tell your website visitors what personally identifiable information you collect, if any, and what you will do with it.

GDPR website compliance – 15 recommendations to keep you compliant

GDPR website compliance – Here are 15 ways to help keep you compliant and avoid big fines
1. Email opt-ins – Include a double opt-in, so that after signing up the person gets an email asking them to confirm that they did indeed opt in to receive your communications. It is a useful protection for you, as it shows that you were asked to sign this person up. Mailchimp will do it for you if you have the settings correctly set up. This will cover you going forward.
2. Lists – If you have a current list, offer people the chance to opt out, which is evidence that you gave them the opportunity to opt out. Ideally, cleanse your ‘list’. Use it as a reason to reach out to that list and find out who cares. Remember that under GDPR people have the right to ‘be forgotten’. Platforms like Mailchimp have updated their platform to include GDPR opt-ins.
3. Unsubscribe – your get-out-of-jail card. Always include the option to ‘unsubscribe’ in your emails, and make it clearly visible. By all means add a message explaining why it would be a good idea to stay on the list rather than unsubscribe.
4. T’s & C’s – Include your terms and conditions on your website and ensure you refer to how you handle personally identifiable information. Are people signing up to a mailing list, or just to get a one-off FREE guide or something similar? Obtain informed consent for what you would like to do with that data.
5. Essentials – Only ask for the minimum amount of data. What do you really need? Name and email might do, so why ask for address or postcode? Keep it to a minimum. If you need postal addresses or dates of birth in order to ship goods, then ensure that you only hold these for real customers.
6. Pirating – Never buy or sell ‘lists’ – it is just wrong.
7. 3rd Party – Check third-party applications such as your CRM to ensure that they are GDPR compliant. By default they may ask for more information than you need. Your email programme needs to protect against misuse. Your website will have third-party plugins, and each needs to be checked to ensure that it is GDPR compliant, or replaced with a better option.
8. Clarity – Do not make it confusing when asking for information in opt-ins or asking people to opt in to something; be clear about what is being offered or asked. Be honest.
9. Security – Protect your list data and use some form of security, as you will be held responsible if your data is hacked. You need to show that you did apply some security. Ask your insurers if you can get some form of cover, if you are worried that your data might be breached. Get your laptops encrypted.
10. Data retention – Consider how long you might hold data. If someone buys from you once, are they likely to buy again? Or if someone buys in 2017 but does not buy again within a set time, say one year or five years, can you decide to cleanse their information from your records? Decide on a best-before date for this sort of data.
11. Cookies – Cookies on a site can gather information, so check your settings or be up front about what you do with the PII (personally identifiable information). In your Google Analytics settings, set the option to anonymise/mask IP data.
12. Pixels – If you are using things like the Facebook pixel you are recording visitors’ activities, and you need to be clear when you explain what you are doing with that information. State your use of such pixels, and any information gathered, in your own Privacy Policy.
13. CTAs – Simple calls to action on your website may be set to gather information, so again make sure you state what you do with such information.
14. Platform – Your website is built on some platform, possibly WordPress, Drupal, Joomla, Wix or Squarespace. This platform itself needs to be GDPR compliant, so check that it is to cover yourself. These platforms all have new GDPR plugins to make all this much easier.
15. Check boxes – Ensure that if you have check boxes when asking people to opt in, they are not pre-checked. The visitor must check the boxes themselves.
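As an added illustration (not code from the original article or from any mailing platform), here is a minimal double opt-in flow that ties items 1, 2, 4 and 15 together: a sign-up is refused unless the visitor ticked the box themselves, the confirmation link carries an HMAC token bound to the address and time-limited so it cannot be forged or reused for someone else, and the record of what they signed up for and when is kept as consent evidence and can be erased on request. The secret, the 48-hour validity window and the in-memory dictionaries are assumptions for the example.

```python
import hashlib, hmac, secrets
from typing import Dict, Optional

SECRET = secrets.token_bytes(32)  # assumption: one secret per deployment, loaded from config in real use
TOKEN_TTL = 48 * 3600             # assumption: confirmation link valid for 48 hours

def make_confirm_token(email: str, issued_at: int) -> str:
    """HMAC over the address and issue time, so a link cannot be forged or replayed for another address."""
    msg = f"{email.lower()}|{issued_at}".encode()
    return f"{issued_at}." + hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def verify_confirm_token(email: str, token: str, now: int) -> bool:
    """True only if the token was minted for this address and has not expired."""
    try:
        issued_str, mac = token.split(".", 1)
        issued_at = int(issued_str)
    except ValueError:
        return False
    if issued_at > now or now - issued_at > TOKEN_TTL:
        return False
    expected = make_confirm_token(email, issued_at).split(".", 1)[1]
    return hmac.compare_digest(expected, mac)

class MailingList:
    def __init__(self) -> None:
        self.pending: Dict[str, dict] = {}    # signed up, not yet confirmed: never mailed
        self.confirmed: Dict[str, dict] = {}  # the live list

    def signup(self, email: str, source: str, consent_checked: bool, now: int) -> Optional[str]:
        # Item 15: the visitor must tick the box; an unticked (or pre-ticked-by-default) form is not consent.
        if not consent_checked:
            return None
        key = email.lower()
        # Record what they were asked to join (item 4) and when, as evidence of consent (items 1 and 2).
        self.pending[key] = {"source": source, "requested_at": now}
        return make_confirm_token(key, now)

    def confirm(self, email: str, token: str, now: int) -> bool:
        key = email.lower()
        if key not in self.pending or not verify_confirm_token(key, token, now):
            return False
        record = self.pending.pop(key)
        record["confirmed_at"] = now
        self.confirmed[key] = record
        return True

    def forget(self, email: str) -> bool:
        # Right to be forgotten: drop the address from the live list and from any pending sign-up.
        key = email.lower()
        hit = self.pending.pop(key, None)
        return (self.confirmed.pop(key, None) or hit) is not None
```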

GDPR website compliance – Next steps for you

The question is how to ensure GDPR website compliance and manage your existing data without it becoming available to the wrong people. Truth be told, we should not hold any data on people just for the sake of spamming them. We should only market to people who are likely to want to hear from us, or people in our industry who may have a legitimate interest in what we have to say. Now is a good time to delete any personal data held on people who are not current clients or very likely potential clients. Why chase after people who do not want what you have to offer, when you could be focusing on those who do?

If you have a ‘list’, many people in it may have forgotten that they ever signed up to it, so get in touch with them and offer them an opt-out. This is a recommended re-engagement process. It gives you an opportunity to connect with your clients or potential clients and offer them a chance to engage with you. It might even start a new conversation. It certainly shows good intent on your part, to avoid being an unwanted intrusion going forward. You may lose people from the list, but if they do not want to hear from you, then let them go. Remember to amend your Ts & Cs and Privacy Policy to include a data protection agreement – read more on getting your own Privacy Policy and Ts & Cs here.

If you need someone to ensure that your website is GDPR compliant, contact us and we can arrange an audit and any remedial work. We offer monthly website care plans that help ensure GDPR compliance.
Things that simply need to be done for every website include:
1. Do an audit of the website to see how you are currently collecting personal data, through Contact Forms, Newsletter Subscriptions, Cookies, and any tool that collects IP addresses. Tip: Only collect the bare minimum of data and declare this practice in your Privacy Policy page.
2. Do an audit of all your website plugins, to see what data they are collecting via your website. Do you need them to collect this data? Can you change the settings or change the plugin? Note: It is your responsibility to ensure that any plugins used do not breach the GDPR.
3. Ensure that you devise a simple way for visitors to request what data you hold on them and give them the right to delete it or be forgotten.
4. Check the settings in your Google Analytics to see what data you are collecting, how long you are holding it and what is being done with it. Add this to your GDPR statement or Privacy Policy, or both.

WordPress news – If you are using WordPress as a platform, you can update it, because version 4.9.6 includes GDPR tooling in its core, including a default Privacy Policy. Now you can create a Privacy Policy right in your website dashboard, rather than have a legal firm write one specifically for you (although that would be a better option). It also allows you to export personal data, in case someone asks you which data you hold on them, and it means you can find someone's personal data in your site and delete it. Likewise it comes with a comment consent box, to show a comment consent statement to anyone who wants to leave a comment.

Useful GDPR links:

A & L Goodbody’s website obligations guideline for online traders’ websites is HERE.

EUGDPR
EUGDPR FAQs
Suzanne Dibble – The Small Business Law Expert has a wealth of useful information here.
And you can check out your Personal Rights here.
Facebook explains its GDPR policy here.
Here is Google’s statement.
And Mailchimp’s.

In the UK there is a great resource at the Information Commissioner’s Office, which has a great Guide to the General Data Protection Regulation (GDPR). The ICO also has a good page on Key Definitions, a page on the Principles of GDPR, one specifically on Consent covering the gathering of any Personal Data, one on Contracts around the use of Personal Data, and one on our Legal obligations. It also has an explanation of Personal Data breaches and of GDPR in relation to Children.

Data Controller versus Data Processor
There is a distinction between these: one is the person who controls data such as payslips and health records, whilst the other is someone who sends out payslips or appointment notifications using that data. The Data Controller is always responsible for the data and for their data processors.

REMEMBER – Ignorance is not a defence in the eyes of the law. Putting in some form of best practice for GDPR website compliance, and responding quickly and efficiently to any GDPR queries from visitors, will go a long way towards avoiding any fines.

Share this information.
Feel free to share this information. This is what we use when we do a GDPR website Audit for clients, but you are welcome to use it to help you stay compliant.

Bottom Line
GDPR is a good thing, however there are steps we all have to take in order to improve compliance, avoid penalties and upsetting visitors.


For Google’s take on GDPR with regard to Google Analytics, see below their recent email titled “Review your data retention settings before they take effect on May 25, 2018”:

“Dear Google Analytics Customer,
We recently sent an email introducing new data retention controls that allow you to manage how long your user and event data are stored by Google Analytics. We would like to remind you that the new data retention settings will soon take effect – on May 25, 2018.
If you haven’t already done so, please review and confirm these settings (Property ➝ Tracking Info ➝ Data Retention) as Google Analytics will begin to delete data according to these settings starting May 25.
Impact of this setting as of May 25 is the following:
• Any user and event data that is older than your retention setting will be marked for permanent deletion, and will no longer be accessible in Google Analytics.
• Deletion will affect the use of segmentation, some custom reports and secondary dimensions when applied in date ranges older than your retention setting.
• Reports based on aggregated data will not be affected.
Find out more
You can also learn more about these data retention settings or how Google Analytics is committed to safeguarding your data.
Thanks,
The Google Analytics Team”
