How To Make Your Website GDPR Compliant

Everyone is getting up in arms about the new GDPR that comes into force today, so we thought we would explain what it means for your website and the data it handles. GDPR puts obligations on the two main roles involved in handling personal data: the DATA CONTROLLER (who decides why and how the data is used, which is you) and the DATA PROCESSOR (who handles it on the controller's behalf, such as your host, CRM or email provider).

If your business deals with EU residents, regardless of Brexit, then you will need to make sure your website is GDPR compliant.

What measures you need to take depends on what you do with the data and on the nature of your business, but here we are going to look at what it means for your website.

We have broken down what you need to know if you run a small business so you can relax at night, because I know you’re all losing sleep over it!

Double Opt In

Where a form relies on the user's consent, it needs an unchecked checkbox with a note to the effect of "By submitting this form you are allowing [your company] to store the data entered in it". You can tweak the wording to suit your needs, but the box must default to unchecked (a pre-ticked box does not count as consent under GDPR) and the form must refuse to submit until it is ticked. Enforce that check on the server as well as in the browser, because the HTML "required" attribute is trivially bypassed, and keep a record of the wording shown and when the box was ticked, since you have to be able to demonstrate consent. If the form also signs the user up to a mailing list, send a confirmation email with a link they must click before you send them anything; that is the "double" in double opt-in.

If you run an online shop, you will need the same checkbox on the billing page too.

Right To Receive Data

Customers have the right to ask for a copy of the personal data you hold on them at any point, and you normally have one month to respond. Whether you store information in a third-party CRM, with your host or in local files, if a customer requests their data you need to provide all of it, so know where it lives before the request arrives. Verify that the person asking is who they say they are before you send anything, otherwise the request process itself becomes a way to leak customer data. In your privacy policy make sure you have a clause that supports this, ideally with a link to a request-data form.

Display When Site Was Last Modified

This is a bit of a grey area. GDPR does not require you to show when the site was last modified, but it is good practice to date your privacy policy and any page that describes how you handle data, so visitors can see when it last changed. In WordPress there is a plugin with a handy bit of shortcode called LAST MODIFIED that does this, and the plugin is free to download.

Cookies

If you use tracking software or any third-party insights software, put a cookie banner on your site with a checkbox (or an accept button) through which the user agrees to those cookies. Cookies that are strictly necessary for the site to work, such as a shopping basket or login session, do not need consent, but analytics and advertising cookies do, and the scripts that set them should not load until the user has agreed. It is always best practice to make the user aware of this.
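One way to gate third-party scripts behind the banner, as an added example that is not code from the original post: the user's choice is stored in a first-party cookie, and on each page load only the scripts whose category has been consented to are injected, with everything else held back until the banner is answered. The cookie name, the version number, the category names, the script catalogue and the six-month expiry are assumptions for illustration.

```javascript
// Added example (not from the original post): load tracking scripts only
// after consent. Cookie name, categories and catalogue are assumed.
const CONSENT_COOKIE = "cookie_consent";
// Bump this when the banner text or categories change, so old consent is re-asked.
const CONSENT_VERSION = 1;

// Which scripts belong to which category. "necessary" never needs consent.
const SCRIPT_CATALOGUE = [
  { src: "/js/basket.js", category: "necessary" },
  { src: "https://analytics.example/insights.js", category: "analytics" },
  { src: "https://ads.example/pixel.js", category: "marketing" },
];

// Parse a Cookie header / document.cookie string into the stored consent, or
// null when there is none or it was recorded under an older version.
function parseConsent(cookieString) {
  for (const part of cookieString.split(";")) {
    const [name, ...rest] = part.trim().split("=");
    if (name !== CONSENT_COOKIE) continue;
    try {
      const data = JSON.parse(decodeURIComponent(rest.join("=")));
      if (data.v !== CONSENT_VERSION || !Array.isArray(data.allow)) return null;
      return { allow: data.allow.filter((c) => typeof c === "string"), at: data.at };
    } catch (e) {
      return null;
    }
  }
  return null;
}

// Build the cookie value that records the user's choice. SameSite and Secure
// keep it from being sent cross-site or over plain HTTP.
function buildConsentCookie(allowedCategories, now = Date.now()) {
  const value = encodeURIComponent(
    JSON.stringify({ v: CONSENT_VERSION, allow: allowedCategories, at: now })
  );
  const expires = new Date(now + 180 * 24 * 3600 * 1000).toUTCString(); // re-ask after 6 months
  return `${CONSENT_COOKIE}=${value}; Expires=${expires}; Path=/; SameSite=Lax; Secure`;
}

// Cookie string that deletes the stored consent, for a "withdraw consent" link.
function withdrawConsentCookie() {
  return `${CONSENT_COOKIE}=; Max-Age=0; Path=/; SameSite=Lax; Secure`;
}

// Decide which scripts the page may load. With no valid consent record only
// strictly necessary scripts load and the banner should be shown.
function scriptsToLoad(cookieString) {
  const consent = parseConsent(cookieString);
  const allowed = new Set(["necessary", ...(consent ? consent.allow : [])]);
  return {
    showBanner: consent === null,
    scripts: SCRIPT_CATALOGUE.filter((s) => allowed.has(s.category)).map((s) => s.src),
  };
}

// Browser glue (does nothing outside a browser): inject the permitted scripts.
function injectScripts(srcs, doc = typeof document !== "undefined" ? document : null) {
  if (!doc) return 0;
  for (const src of srcs) {
    const el = doc.createElement("script");
    el.src = src;
    el.async = true;
    doc.head.appendChild(el);
  }
  return srcs.length;
}
```

On the page you would call `injectScripts(scriptsToLoad(document.cookie).scripts)` at load, and `document.cookie = buildConsentCookie(chosen)` followed by a fresh `scriptsToLoad` when the banner is submitted. Nothing in the catalogue that needs consent appears in the HTML as a plain script tag, which is the point: a tag that is already in the markup has run before any banner is seen.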

That is it for the website. Remember, you also have other software and payment integrations that will need to be compliant, so if you are in any doubt it is always best to seek the help of a professional, or even appoint a data protection officer to help you out.
