Are you ready for GDPR?

how to get ready for GDPR

You have less than 30 days to make sure your website and marketing is compliant with the EU’s General Data Protection Regulation (GDPR), coming into effect on 25 May 2018. Are you ready? Legal advice should always sought about complying with GDPR, but here are some of the key things you need to be aware of…


What is the GDPR?

The GDPR, or General Data Protection Regulation, has the powers to ensure all companies within the EU comply with new legislation involving the collection, storage and use of customer information and data.

To be clear, this includes ALL forms of customer data, including:

  • Photos
  • Social media posts
  • IP addresses (gathered from analytics software for example)
  • Bank details
  • Identify numbers such as NIs and SSNs

It’s important to note that the principles outlined in the General Data Protection Regulation (GDPR) are not a million miles away from those outlined in the Data Protection Act. If you are complying with those principles, you’ll mostly be ok. However, there are a few significant changes that you must abide by.


What do I need to know for my online store or website?

As a web design firm, our customers want to know how to ensure their sites are compliant.

From a front-end perspective, there are several key aspects you will need to change in the running of your online stores:


Think how you are asking for data.

For example, if you ask a visitor to subscribe to a newsletter then the form must default to “no” or be blank.

You mustn’t “bundle” consent either when you are using the data for different purposes. So in your forms, there should be separate checkboxes for things like accepting your terms, subscribing to the newsletter or receiving special offers.

Confusing legal language is no longer acceptable. Be clear, legible and transparent.

The visitor needs to know what they are giving their consent to, and you need to explain why you are asking for it.


The right to be forgotten

Customers should be able to delete their accounts and ‘be forgotten’ by you as a company. This should be an easy process. We recommend for small businesses that you ensure you are easily contactable, if anyone wants to request this.


Third party headaches

If you share data with third parties, you need to put some work in to ensure your site is clear on this. Luckily, most basic websites containing a simple contact form won’t need to worry as they don’t share customer data.


Include a privacy notice in your footer

The Information Commissioner’s Office (ICO) has provided a sample privacy notice that you can use on your website. It is concise, transparent, and easily accessible.


Think about cookies

If your site uses tracking or reporting software, like analytics or conversion tools, then you will likely be using cookies. You will need to notify visitors and ask them to accept.

We also recommend having a page on your site outlining what cookies you have and how they are used.


Make sure your website loads over HTTPS

Click here for more info


You can receive big fines if GDPR is breached

So get it sorted today!

If you are a big business, you need to appoint a Data Protection Officer, whose first responsibility is to report these breaches.


Don’t delay

These are just a few of the key changes you need to be aware of to be compliant with the law. Of course, we recommend you seek professional legal advice where necessary. If in doubt, or if you’d like us to help with any of these changes, just get in touch. Remember: it is your responsibility as the business owner to make sure your website and marketing is compliant, the fines for failing to do so can be very high. Don’t delay!


About the author

Dan Wiseman

Founder & director of Web Wise. He writes about web design, marketing, entrepreneurship, investing and games. Dan regularly speaks on these subjects and is available for coaching and consultancy.

More articles