GDPR, or is it more like GDPAAAAGH?
24th May 2018
Are you ready? Are you still tearing your hair out? Loosing your mind? Is it more like GDPAAAAGH? greensplash determines perfect recommendations…
As a web design agency, we are only too familiar with the panic of ensuring that not just our own websites are ready but also helping our clients implement the new legislation. Our GDPR Guru and website wizard, Ian has put together this helpful checklist with some recommendations.
If we built your website, we can help with this. If we didn’t, please read our guide and then contact the person who did.
The new GDPR legislation, is your website ready?
As you will be aware, the new GDPR legislation is fast approaching and requires business owners to update their websites appropriately in line with the new legislation.
As a creative agency we are unable to advise you legally, and recommend you seek legal advice to ensure that your business is GDPR compliant (as GDPR spans across your entire business and your website is just a small part of it).
To provide assistance we recommend that our customers consider doing the following to their websites, at least as a starting point. Please note that these are our recommendations based on our own business implementation and should be used for reference, you should not use these points as a legal guide. You should instead seek professional legal advice to ensure your business is compliant as there is no ‘one solution fits all’, each business is set up differently and GDPR will apply to you in different ways.
What is GDPR?
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).
Our recommendations:
Remember these points should be used as a guide only, you should not use these points as a legal guide but instead should consult with your solicitor to ensure your business is compliant.
1. Privacy & Cookie
On your website you should have Privacy and Cookie policies, these are normally located within the footer area of your website and are a link to the policy information. You may have policies on your website already, but these may still need to be updated to ensure they are compliant with the new legislation. A solicitor can draft these policies for you and tailor them to you and your business. Alternatively, should you wish to take legal responsibility there are templates available online that you can use and edit yourself. Here is an example website offering templates for you to use: https://www.website-contracts.co.uk/privacy-and-cookies-policy.html There are many others out there, this is just an example. (We have no connection or endorse it).
2. Opt-in checkboxes
Most websites have online contact forms. Do you collect contact information and store it, perhaps to contact the individual or company again for marketing purposes? If so, then you should introduce an opt-in opportunity to the online forms upon your website, here is an example:
If you do not collect information for these purposes, make sure this is transparent in your policies.
3. Cookies
Do you use Google Analytics or sell online? You should inform the user that the website uses cookies for that reason specifically. Thus, allowing the user to leave your website if they do not agree. This is normally done by using a cookie notification banner or box placed on the website. An example of this would be https://www.tesco.com
Looking at Google Analytics specifically, if you have Google Analytics on your website but you have found that you don’t use it, you could remove Google Analytics from your website and this notification banner is not required.
You should have this notification banner if you use other tracking or remarketing software.
If you do not use cookies, make sure this is transparent in your policies.
Making the website updates
If you have a CMS on your website (a login area to update your content), you may be confident to update the policy content yourself. If, however, you need assistance and we built your website, we can update this content for you by utilising our support credit system (pre-paid blocks of support). If you don’t have any support credits readily available, we can provide you with a quotation upon request.
The opt in opportunities for online forms and cookie notification banners need to be implemented by a web developer. If we built your website, we can make the updates for you, again by utilising our support credit system (pre-paid blocks of support). A quotation can be provided for these if you don’t have any readily available.
Please do let us know if you need assistance and we will schedule this work in as soon as possible.
GDPR affects email marketing too!
Also, if you use email marketing you will need to consider the GDPR implications on your subscriber lists too. You may need to sanitise your lists by sending a ‘re-opt-in campaign’ to allow you to continue marketing to them. A solicitor will be able to advise you on this.
There may be other GDPR recommendations that we haven’t mentioned specific to your business, so it is again a good idea to contact your solicitor for guidance on the matter. If you do seek legal advice, we would suggest using a solicitor in order to comply as independent ‘GDPR specialists’ may up-sell things you don’t really need as it is in their financial interest. (Sorry – no offence, just what we have heard)!