In May 2018, as part of the EU data protection directive, the General Data Protection Regulation (GDPR) was brought into force to protect your customers’ personal data across all online platforms and marketing efforts. This includes your website, social media, email marketing lists and more.
Here you can see the guidelines on steps you can take to ensure your website is still compliant with GDPR. This can be a lot of information, and it may be in your best interest to consult with an SEO agency London if you are unsure of your compliance.
Take these four steps to ensure that your website is GDPR-compliant:
- Limit the data you collect and store.
- Keep your mailing lists clean.
So let’s get stuck in…
You must outline the types of data you collect, what this is used for and what you do to protect it.
For this to be relevant to your site, don’t copy and paste it from somewhere else. It’s unlikely that someone else’s policy will contain the correct information for your site. If relevant to you, you may need to include things like:
- We do not sell data.
- We do not share data unless compelled by law.
- We only request personal information if it’s required to provide a service.
Follow this up with the types of data collected on your site, what each is used for and how it is protected. This is often displayed as a table.
Because cookies can be used to identify an individual, GDPR treats them as personal data. You must obtain clear, specific consent from website users before placing cookies and tracking them.
This is typically done via a popup shown when a user first lands on your site, allowing them to consent to or decline cookie usage from the outset. To comply with GDPR, you cannot have a pre-set answer: the popup must offer both a yes and a no option so the user has a free choice. If a user does not consent to cookies, you cannot place cookies in their browser, and your site should still be accessible without them.
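As an added example (not code from the original article), the consent gate below implements the rule above: no pre-set answer, non-essential cookies set only after an explicit "yes", and nothing written on "no". The cookie name and the two-method jar interface are assumptions so the logic can run against document.cookie in a browser or an in-memory store offline.

```javascript
const CONSENT_COOKIE = "cookie_consent"; // hypothetical name for the stored "yes"

// jar = { get(name) -> string|undefined, set(name, value) }; injected so the
// same logic runs against document.cookie in a browser or a Map in a test.
function createConsentGate(jar) {
  let declinedThisSession = false;
  let pendingTrackers = [];

  // "yes" (stored), "no" (declined this visit) or undefined (never asked).
  function decision() {
    if (declinedThisSession) return "no";
    return jar.get(CONSENT_COOKIE) === "yes" ? "yes" : undefined;
  }

  return {
    // The banner is shown only while there is no decision: no pre-set answer.
    needsBanner: () => decision() === undefined,
    // Register code that sets a non-essential cookie (analytics, ads).
    // It runs immediately only if the visitor has already said yes;
    // otherwise it waits for an explicit accept() and is dropped on decline().
    registerTracker(fn) {
      if (decision() === "yes") fn(jar);
      else if (decision() === undefined) pendingTrackers.push(fn);
    },
    accept() {
      jar.set(CONSENT_COOKIE, "yes");
      pendingTrackers.forEach((fn) => fn(jar));
      pendingTrackers = [];
    },
    // Declining writes no cookie at all; the page keeps working without them.
    decline() {
      declinedThisSession = true;
      pendingTrackers = [];
    },
    decision,
  };
}

// In-memory jar for the demonstration; in the browser, back the same two
// methods with document.cookie.
function memoryJar() {
  const store = new Map();
  return {
    get: (name) => store.get(name),
    set: (name, value) => store.set(name, value),
    size: () => store.size,
  };
}
```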
When talking about data collection and storage, we usually reference form submissions, whether these are contact forms, brochure requests or information forms.
When creating a form for your site, you can collect a wide range of personal data. But you shouldn’t. Only include the fields you actually need for processing, and don’t keep any personal data for longer than is absolutely necessary.
Be aware that some form plugins store submitted forms in a database. More and more now offer a “do not store form data” option in their configuration. Make sure you use it if your plugin provides it.
If you use email marketing as part of your marketing strategy, you will have a mailing list. Follow industry-standard procedures such as a double opt-in for your lists. With a double opt-in, the user is sent a confirmation email after signing up on your site and must click the link in that email to finalise their subscription. Even though GDPR doesn’t require a double opt-in, it is still best practice to ensure that proper consent was obtained for marketing emails.
If you purchase mailing lists from third-party sources, it is advised to stop. If you have a purchased list whose contacts have not consented to your use of their data, you will be breaching GDPR.
Your existing mailing list may need a look over as well.
If subscribers have been signed up without consent, those records are not GDPR-compliant, and you should clean up your database. It’s recommended to send a re-opt-in email to all subscribers so that your mailing list is GDPR-compliant from that point on. At the very least, ensure that every form of email communication carries a clear unsubscribe link.
So, to wrap up: website GDPR compliance isn’t easy, but it is essential. Taking these steps and regularly re-checking these elements will move you closer to a continuously compliant website.
If you are using a CMS, watch for changes to the core system and plugins and check that they still comply with GDPR. If they don’t, look for an alternative. It is up to you to ensure that your company and your online presence comply with GDPR. The above should not be considered legal or tax advice. Ensure you consult an attorney or tax professional regarding leg