Important information about your site and GDPR

On the 25th of May 2018 the EU’s new privacy laws will come into effect. I am trying to help my customers understand and comply with the new changes.

If you answer yes to any of the following questions then I’d recommend getting your website updated to comply with the new laws. Get in touch if you’re not sure whether you need to do anything.

  • Does your site have a contact form?
  • Does your site use Google Analytics for statistics?
  • Do you collect email addresses for a newsletter or email marketing purposes?
  • Does your site have order forms?
  • Is your site an e-commerce website?
  • Is your site a custom or specialised application?

The new laws can be quite daunting, especially for smaller sites and companies. Please get in touch if you have any questions about whether GDPR affects your website or whether your site needs some additional work to bring it into compliance.

Here are some things to do to bring your site up to compliance:

For small sites with just a contact form and analytics, I’d recommend updating the form so it sends directly to email and doesn’t store the information in the database. You should also add a privacy notice to your website so users know that Analytics is installed but that you are not collecting any personally identifiable information, and make sure that your analytics code has anonymizeIP set so it doesn’t collect IP addresses.

If you use email marketing then you should check that it has a double opt-in and that checkboxes are not automatically checked in the sign-up form. It’s also a good idea to send an email to all current lists allowing them to delete their email if they don’t want mail from you in the future. You should also have a privacy notice that explains how and where you collect the information and how users can delete the data.

Order forms should be sent directly to email rather than being stored on the server or in the database. That’s one of the quickest ways to make sure you don’t have any personal information stored on your site, but you’ll still have to mention it in your privacy notice and tell customers how you’ll use the information.

E-commerce sites should consider allowing only guest checkout so that users don’t have to register to order. If that’s not possible, then there should be plugins in place so that users can download the data you have on them and also quickly delete all data you hold on them. A privacy policy and notice are also important, and site security is of utmost importance since e-commerce solutions store more personal data than most websites.

Custom or specialised applications will need to take a good look at what data they store. There should be ways to delete the data on request and also download the data if required. A privacy policy and a clear security policy are also important. The less information stored, the better.

Make sure you also have a cookie banner letting users know that by using the site they are approving the use of cookies. So far there is still a lot of confusion about the correct way to implement this cookie consent, but until that becomes clear, the cookie bar is enough. I will let you know in the future if there are any changes to this.
