Is Your Website GDPR Ready?

On May 25, 2018, GDPR comes into effect. This will affect how organisations collect, store and make available personal data to all customers, prospects, suppliers and so on. As a small business owner marketing to and transacting with parents, do you know if your website is GDPR ready? Read on for some tips and advice and a free checklist to help you:

The new Europe-wide regulation brings in protection for people when transacting with companies. Any personal data, i.e. data that could personally identify someone, needs to be kept safe, and companies are responsible for keeping it safe. It requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. So if you sell online, or capture emails and other data from people on your database, you need to ensure these are protected.

Here are some steps you can take to make sure your website is GDPR ready:

#1. Know where you collect data from people on your website

Make a list of all the places on your website that people can submit their personal data to you.

#2. Update your Terms of Use page

Update your Terms of Use and Privacy Policy pages on your website with information on

  • how you collect and store personal data
  • how people can contact you to make a data request

Then make sure your Terms of Use are linked from everywhere that people can submit their data.

#3. Make it Easy For People to Contact You about Their Data

Add a statement or drop down to your Contact Us page/form to let people know how they can make a data request to you.

We have created a free GDPR Checklist for your Website that you can download and use to work your way through these steps.

Download your free GDPR Checklist here to use to make sure your website is GDPR ready.

#4. Be Clear on Your Sign Up page

Add statements to your mailing list sign up page telling people why you collect their data and what you use it for.

#5. Add Opt In Tick Boxes

Add opt in tick boxes to sign up forms that people have to tick to confirm that they have read your Terms of Use page and that they agree to you collecting their data.

You might enjoy reading How to Create a Freebie for Parents to Capture Email

#6. Move to Double Opt-In

If you aren’t already using Double Opt-In for mailing list sign ups then switch to it. It may reduce the number of signups you get, but not only can you prove someone wanted to go on your list if you get audited, you also know they definitely want to be on your list, as they have double opted in.
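Steps #5 and #6 together describe a mechanism rather than a policy: refuse the form unless the opt-in box is ticked, then send a confirmation link and only add the address once it is clicked, keeping a record you could show an auditor. The following is an added example of that flow, not code from the original post or from any particular mailing-list product. It assumes a signing key loaded from configuration (generated here for illustration), a hypothetical 48-hour validity window for the confirmation link, and constructed sample addresses; the email sending itself is left to the caller.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Hypothetical signing key: a real deployment loads it from configuration rather
# than generating it at import time (a restart would invalidate pending links).
SIGNING_KEY = secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 48 * 3600  # assumed validity window for the confirmation link


@dataclass
class Subscriber:
    email: str
    consent_ticked_at: float              # when the opt-in box was ticked (step #5)
    terms_version: str                    # which Terms of Use wording they agreed to
    confirmed_at: Optional[float] = None  # set only after the confirmation click (step #6)


def make_confirmation_token(email: str, issued_at: int, key: bytes = SIGNING_KEY) -> str:
    """Return an HMAC-signed token to embed in the confirmation email link."""
    payload = f"{email}|{issued_at}"
    mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{mac}"


def verify_confirmation_token(token: str, now: float, key: bytes = SIGNING_KEY) -> Optional[str]:
    """Return the email address if the token is genuine and unexpired, else None."""
    try:
        email, issued_s, mac = token.rsplit("|", 2)
        issued_at = int(issued_s)
    except ValueError:
        return None
    expected = hmac.new(key, f"{email}|{issued_at}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so a forged MAC cannot be guessed byte by byte.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    if now - issued_at > TOKEN_TTL_SECONDS:
        return None
    return email


class MailingList:
    """Minimal double opt-in flow: sign_up() issues a token, confirm() redeems it."""

    def __init__(self, clock: Callable[[], float] = time.time,
                 terms_version: str = "terms-2018-05") -> None:
        self._clock = clock            # injectable so the flow can be tested with a fixed time
        self._terms_version = terms_version
        self.pending: Dict[str, Subscriber] = {}
        self.confirmed: Dict[str, Subscriber] = {}

    def sign_up(self, email: str, consent_ticked: bool) -> str:
        """Step #5: refuse the form server-side unless the opt-in box was ticked."""
        if not consent_ticked:
            raise ValueError("opt-in box not ticked; personal data not stored")
        now = self._clock()
        self.pending[email] = Subscriber(email=email, consent_ticked_at=now,
                                         terms_version=self._terms_version)
        # The caller emails this token inside a confirmation link; the address
        # is not on the list yet.
        return make_confirmation_token(email, int(now))

    def confirm(self, token: str) -> bool:
        """Step #6: move the address to the confirmed list only on a valid, unexpired token."""
        now = self._clock()
        email = verify_confirmation_token(token, now)
        if email is None or email not in self.pending:
            return False
        sub = self.pending.pop(email)   # a token can only be redeemed once
        sub.confirmed_at = now
        self.confirmed[email] = sub
        return True

    def consent_record(self, email: str) -> Optional[dict]:
        """The evidence you would show an auditor or include in a data request reply."""
        sub = self.confirmed.get(email)
        if sub is None:
            return None
        return {"email": sub.email, "consent_ticked_at": sub.consent_ticked_at,
                "confirmed_at": sub.confirmed_at, "terms_version": sub.terms_version}


if __name__ == "__main__":
    ml = MailingList()
    token = ml.sign_up("parent@example.com", consent_ticked=True)  # constructed sample address
    print("confirmed:", ml.confirm(token))
    print(ml.consent_record("parent@example.com"))
```

Two design points matter for the audit case the post mentions: the consent record stores both timestamps and the version of the Terms of Use wording that was live at sign-up, and the confirmation link is signed and time-limited so a guessed or very old link cannot confirm someone who never asked.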

#7. Review where Personal Data is Stored

Now look at where the personal data that people give you gets stored. For each place that you store data, check that it is GDPR compliant:

  • If it’s on your website, ask your tech person to confirm that the data is stored safely
  • If it’s held in mailing list software, make sure the provider has Privacy Shield in place.

#8. Check Access to Personal Data

Check all access to where personal data gets stored. Is everyone who has access supposed to have access? Is read-only access set where required?

#9. Review Processes for Using Personal Data

Now look at all the processes you have for using that data. For each process, make sure it is GDPR compliant. For example, if someone downloads a free e-book, you may have them on an automated email sequence. Are all these processes keeping the personal data safe?

If someone buys a product from your website, where is that personal data stored to go with their sale information and invoice?

Finally, if someone contacts you with a data request asking to see what data you have stored, do you know who will reply to them and what timescale you are going to commit to doing it by? (GDPR requires you to do this within 1 month by the way.)

#10. Review Internal Handling of Data
Now look at how you handle data internally. Do you ever download data from your capture forms or e-shop or mailing list to a local computer/laptop? When you do, do you encrypt the file with a password?

The key thing here is you don’t want any accidental loss of personal data (e.g. laptop left on a train) so make sure to create new processes for storage of personal data to avoid this happening.

#11. Add Steps to Internal Policies

Add any required steps to internal policy documents that you have, e.g. for new people or for suppliers that you use. Ask existing staff or suppliers to read your new policies and confirm back to you that they will abide by them.

#12. Make Sure Business Contact Data is Also Secure

If you are storing business contacts with personal information for suppliers, partners etc., check that the place you are storing them is GDPR compliant.

#13. Fresh Eyes

Get someone with fresh eyes to take a look at your website, ask them to sign up and check they got the double opt in confirmation mail. Ask them to read your Terms of Use and to make a data request so you can check all is in order.

Recommended listening: GDPR Is Coming To Get You – What You Need To Know – Blogcentric #101 podcast

Useful website: GDPR and You

I hope this blog post has helped you to review your website and make sure it is GDPR ready. It’s taken us a while to get there and we’re still working through all the steps, but there’s nothing like a deadline to motivate you!

Over to you now. Is your website GDPR ready? Tell me in the comments below how you are getting on with getting ready for GDPR.

2 Responses to Is Your Website GDPR Ready?

  1. Kat 3rd March 2018 at 5:20 am #

    Great article. Very straight forward. I’m here in the US, but I really want to keep up with these regulations and this has been one of the easier to understand posts, which is great, because there is a lot to this!

    • Jill Holtz 3rd March 2018 at 11:04 am #

      Thanks Kat. There is definitely a lot to work through so hopefully this will help. Even if the US doesn’t have these regulations now it’s good practice really to make sure that personal data is kept safe and that you are using it for the right reasons too.