GDPR Compliance Checklist: Is Your Website Compliant?
GDPR Compliance Checklist: with Halloween upon us, let us help you avoid a website GDPR nightmare.
General Data Protection Regulation (GDPR) was introduced by the EU on the 25th of May 2018.
Individuals were given the right to access their data, decide how it is used and when it is deleted.
But we’re leaving the EU right?
That doesn’t mean we can ignore GDPR.
If you want to trade with the EU your website will have to comply with GDPR.
If you have a data breach and haven’t attempted to comply with GDPR you can be fined 4% of your annual turnover.
While we always advise that you seek legal advice to ensure that you meet all GDPR regulations, hopefully this checklist will help you get started on making your website GDPR compliant.
To comply with GDPR there are two fairly straightforward rules to follow:
- Be 100% transparent
- Make it user-friendly
Privacy policy and terms & conditions
These must be in clear, jargon-free and plain English. You’ll need to:
- Explain how and why you are collecting data
- Define all personal data you collect, process or store (this includes IP addresses)
- Outline all specific data uses
- State how long you will keep the data
Cookies
A cookies notice should be given if you or any third-party software uses them on your site. Make sure:
- You clearly state what information is collected and every way you use it
- Consent is given by the visitor before your site sets cookies.
Data storage
If your website collects any personal information you need to ensure that it is secure. Consider:
- Has the data been stored in a safe manner (encryption/anonymisation)?
- Has the data been held longer than stated in the terms and conditions?
Data Use
All uses of data need to be clearly defined and opted into individually. This includes historical data, so you should ask:
- Do you have appropriate consent to keep the data?
- e.g. Email addresses collected before an opt-in/opt-out scheme was in place do not have appropriate consent.
- If the use of the data has changed, the original consent no longer applies.
- e.g. Emails collected for a newsletter cannot be used for offers and promotions!
Subscriptions and Forms
All forms should be clear and simple. Think about:
- Active Opt-in: Opt-out or pre-filled tick boxes are not acceptable. The user must freely make the decision. Defaults should be either blank or ‘disagree’.
- Separate Opt-in: For each method (SMS, email, post) and type (newsletter, offers & promotions) a separate consent box should be provided.
- Third Party Sharing: Any third parties sharing the data need to be clearly named.
- Easy Opt-out: It should be clear that consent can be withdrawn. If your website has a login area opt-outs should be made easily accessible.
It’s not just your website that needs to be GDPR compliant.
All personal data that you hold on customers, staff members, vendors and prospects needs to comply with GDPR.
That means performing a data protection assessment.
For more information and official guidance on data protection impact assessments take a look at the ICO’s official page.