On May 25, 2018, GDPR comes into effect. It will affect how organisations collect, store and make available the personal data of their customers, prospects, suppliers and so on. As a small business owner marketing to and transacting with parents, do you know if your website is GDPR ready? Read on for some tips and advice, and a free checklist to help you:
The new EU-wide regulation brings in protection for people when they transact with companies. Any personal data, i.e. data that could personally identify someone, needs to be kept safe, and companies are responsible for keeping it that way. The regulation requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. So if you sell online, or capture emails and other data from people on your database, you need to ensure that data is protected.
Here are some steps you can take to make sure your website is GDPR ready:
#1. Know Where You Collect Data From People on Your Website
Make a list of all the places on your website that people can submit their personal data to you.
- how you collect and store personal data
- how people can contact you to make a data request
#3. Make it Easy For People to Contact You about Their Data
Add a statement or drop-down to your Contact Us page/form to let people know how they can make a data request to you.
We have created a free GDPR Checklist for your Website that you can download and use to work your way through these steps.
Download your free GDPR Checklist here and use it to make sure your website is GDPR ready.
#4. Be Clear on Your Sign Up page
Add statements to your mailing list sign up page telling people why you collect their data and what you use it for.
#5. Add Opt In Tick Boxes
You might enjoy reading How to Create a Freebie for Parents to Capture Email
#6. Move to Double Opt-In
If you aren’t already using Double Opt-In for mailing list sign-ups, switch to it now. It may reduce the number of sign-ups you get, but it has two benefits: if you get audited you can prove that someone asked to go on your list, and you know they definitely want to be on it because they have confirmed twice.
#7. Review where Personal Data is Stored
Now look at where the personal data that people give you gets stored. For each place that you store data, check that it is GDPR compliant:
- If it’s on your website, ask your tech person to confirm that the data is stored safely
- If it’s with a mailing-list provider, make sure they have Privacy Shield in place.
#8. Check Access to Personal Data
Check all access to where personal data gets stored. Is everyone who has access supposed to have access? Is read-only access set where required?
#9. Review Processes for Using Personal Data
Now look at all the processes you have for using that data. For each process, make sure it is GDPR compliant. For example, if someone downloads a free e-book, you may have them on an automated email sequence. Are all these processes keeping the personal data safe?
If someone buys a product from your website, where is that personal data stored to go with their sale information and invoice?
Finally, if someone contacts you with a data request asking to see what data you have stored about them, do you know who will reply to them, and what timescale you are going to commit to replying within? (GDPR requires you to respond within 1 month, by the way.)
#10. Review Internal Handling of Data
Now look at how you handle data internally. Do you ever download data from your capture forms, e-shop or mailing list to a local computer or laptop? When you do, do you encrypt the file with a password?
The key thing here is that you don’t want any accidental loss of personal data (e.g. a laptop left on a train), so create new processes for the storage of personal data to stop this happening.
#11. Add Steps to Internal Policies
Add any required steps to internal policy documents that you have, e.g. for new people or for suppliers that you use. Ask existing staff or suppliers to read your new policies and confirm back to you that they will abide by them.
#12. Make Sure Business Contact Data is Also Secure
If you are storing business contacts with personal information for suppliers, partners etc., check that the place you are storing them is GDPR compliant.
#13. Fresh Eyes
Recommended listening: GDPR Is Coming To Get You – What You Need To Know – Blogcentric #101 podcast
Useful website: GDPR and You www.gdprandyou.ie
I hope this blog post has helped you to review your website and make sure it is GDPR ready. It’s taken us a while to get there and we’re still working through all the steps, but there’s nothing like a deadline to motivate you!
Over to you now. Is your website GDPR ready? Tell me in the comments below how you are getting on with getting ready for GDPR.