GDPR – Make sure your website is compliance ready!

The topic on a lot of companies’ lips at the moment is the forthcoming GDPR (General Data Protection Regulation). This is the new data protection law which will have a major effect on the way businesses, and business-to-business marketing in particular, gather and handle personal data.

For individuals it is a good thing all round: your data will be much better protected, which should in turn lead to less junk mail, spam and cold calling. However, it also has a real impact on business operations for everyone who handles personal data.

So as a business, both you and the data you gather through your website and other online activities will have to be compliant, or you face hefty fines (up to €20 million or 4% of annual worldwide turnover, whichever is higher).

Luckily our Creative Director, Chris, has attended a course on the subject with Maximity, so we are fully aware of what our clients need to do to make sure their websites are compliant.

What does this mean for your website?

  1. You are required to state your lawful basis for processing the data, how long you keep it for and that people have the right to complain to the ICO (the UK supervisory authority). In short this means your website privacy policy will need updating (or creating). The policy should be built on a data flow audit showing where information collected by your website goes: form handlers, the site’s own database, your CRM and email tools, and any third parties.
  2. Procedures for deleting or providing a person’s data on request. Collected data can be stored in the back end of your website as well as in internal CRMs, email inboxes and more, so you need a procedure in place which finds and deletes someone’s data in every one of those places upon request, or provides them with a copy of it, and you generally have one month to respond.
  3. Data portability is the individual’s right to receive the personal data they have provided to you in a structured, commonly used and machine-readable format (CSV or JSON, for example) and to move it to another provider. It applies where you process the data by automated means on the basis of their consent or of a contract with them. So for example if your website holds accounts or transactions and doesn’t allow for a quick download of all of a user’s data, then this is something to add, delivered securely and only to the verified account holder.
  4. Users have the right not to be subject to a decision based solely on automated processing or profiling where it has legal or similarly significant effects on them. If data from your website is fed into systems that make such decisions, you will need to tell users this is happening, in most cases obtain their explicit consent beforehand, and give them a way to request human review.
  5. So what is consent? The GDPR says consent must be freely given, specific, informed and unambiguous, and indicated by a clear affirmative action. In practice this means every method of contacting a user must first go through a positive opt-in. It cannot be assumed from pre-ticked boxes or from any form of inactivity; for example your site cannot say ‘If you do not want to receive emails from us, tick this box’. It must ask the user to actively tick an unticked box to opt in, and you should keep a record of when they did so and of the wording they agreed to, because you must be able to demonstrate that consent was given.
  6. You will now have a responsibility to report certain personal data breaches should they happen. Where a breach is likely to result in a risk to individuals the ICO must be notified within 72 hours of you becoming aware of it, and where the risk is high the affected individuals must be told as well. For a website this would mainly arise if you discovered the site had been hacked and data downloaded. An upgraded hosting server with a firewall and an SSL/TLS certificate reduces your exposure but does not stop every attack, so you will also need to keep the site’s software (CMS, plugins and themes) patched, have its security regularly checked, and keep access logs so that you can actually tell whether data was taken. We also offer monthly support packages which could assist with this.
  7. The GDPR now makes privacy by design and by default a legal requirement. This means that when having a new site designed or developed, or even when updating an existing website, data privacy should be considered from the start rather than as an afterthought: collect only the fields you actually need, keep them only as long as you need them, and restrict who within your business can see them.
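
To make points 2, 3 and 5 concrete, here is an added example (written for this post as an illustration; it is not code from any client site, from Maximity or from the agency’s own projects). It is a small JavaScript module that handles a contact-form submission: consent is recorded only when the visitor actively ticked the opt-in box, with the exact wording and policy version they saw kept as evidence; the export function returns everything held about one person as a structured, machine-readable object; and the erasure function walks every system the data flowed into. The three stores (website back end, CRM, mailing list), the form field name `marketingOptIn`, the policy version and all the sample submissions are assumptions constructed for the example.

```javascript
// Added example, not code from the original post. Three things the post asks
// for, behind one contact form: consent that only counts when the visitor
// actively ticked the box (with evidence kept), a machine-readable export of
// everything held about a person, and erasure across every system the data
// flowed into. Stores and submissions are constructed in-memory stand-ins.

function createPersonalDataStore() {
  // One entry per system that receives personal data from the website; the
  // data-flow audit produces this list, and export/erasure iterate over it.
  const systems = {
    website: new Map(), // email -> [form submissions kept in the site back end]
    crm: new Map(),     // email -> contact record synced to the CRM
    mailing: new Map(), // email -> marketing subscription
  };
  const consentLog = []; // who agreed to what, when, under which wording

  // Browsers omit an unticked checkbox from the form data entirely, so the only
  // acceptable signal is the explicit value. A missing field, an empty string
  // or a server-side default never counts as consent.
  function captureConsent(submission, { policyVersion, wording, now }) {
    if (submission.marketingOptIn !== 'on') {
      return { granted: false, reason: 'no positive opt-in' };
    }
    const record = {
      email: submission.email,
      purpose: 'marketing-email',
      policyVersion,
      wording, // the exact checkbox label the visitor saw
      timestamp: now.toISOString(),
    };
    consentLog.push(record);
    systems.mailing.set(submission.email, { subscribed: true, since: record.timestamp });
    return { granted: true, record };
  }

  // One contact-form submission: keep it in the site back end, mirror contact
  // details to the CRM, and add to the mailing list only on positive consent.
  function recordEnquiry(submission, opts) {
    const { email, name, message } = submission;
    if (!email) throw new Error('email is required');
    const enquiries = systems.website.get(email) || [];
    enquiries.push({ name, message, receivedAt: opts.now.toISOString() });
    systems.website.set(email, enquiries);
    systems.crm.set(email, { name, email, lastContact: opts.now.toISOString() });
    return captureConsent(submission, opts);
  }

  // Access / portability: everything held about one person as a structured,
  // machine-readable object (JSON.stringify it for the download).
  function exportUserData(email, now) {
    const data = {};
    for (const [name, store] of Object.entries(systems)) {
      if (store.has(email)) data[name] = store.get(email);
    }
    data.consents = consentLog.filter((c) => c.email === email);
    return { subject: email, exportedAt: now.toISOString(), data };
  }

  // Erasure: remove the person from every system, and return a receipt that
  // names the systems cleared without retaining the email address itself.
  function eraseUser(email, now) {
    const cleared = [];
    for (const [name, store] of Object.entries(systems)) {
      if (store.delete(email)) cleared.push(name);
    }
    const kept = consentLog.filter((c) => c.email !== email);
    if (kept.length !== consentLog.length) cleared.push('consentLog');
    consentLog.length = 0;
    consentLog.push(...kept);
    return { erasedAt: now.toISOString(), cleared };
  }

  return { recordEnquiry, exportUserData, eraseUser };
}

// Constructed walk-through: one visitor ticks the box, one leaves it unticked
// (the browser then sends no marketingOptIn field at all), then the first
// visitor exports and finally erases their data.
function demo() {
  const store = createPersonalDataStore();
  const now = new Date('2018-05-25T09:00:00Z');
  const opts = { policyVersion: '2018-05', now,
    wording: 'Yes, email me occasional news and offers (unsubscribe at any time).' };
  const alice = store.recordEnquiry(
    { email: 'alice@example.com', name: 'Alice', message: 'Quote please', marketingOptIn: 'on' }, opts);
  const bob = store.recordEnquiry({ email: 'bob@example.com', name: 'Bob', message: 'Hello' }, opts);
  const exported = store.exportUserData('alice@example.com', now);
  const receipt = store.eraseUser('alice@example.com', now);
  const afterErasure = store.exportUserData('alice@example.com', now);
  return { alice, bob, exported, receipt, afterErasure };
}

console.log(JSON.stringify(demo(), null, 2));
```

Run it with Node and the printed JSON is what a portability download for Alice would contain, followed by the erasure receipt. The design point is that the `systems` list drives both export and erasure: when a new integration is added to the site (a second CRM sync, a chat tool, an analytics profile), it is added there once, rather than being remembered at the time someone makes a request.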


As we have developed a plethora of lovely websites over the years, unfortunately we don’t have the time or capacity to check every client’s site for compliance individually, and under the GDPR that responsibility rests with you as the business holding the data. However, if you would like us to run our eye over your website and arrange this for you, please contact us for details.