How will GDPR affect your website?

I’m sure that you are already aware that on 25th May 2018 the current Data Protection Directive 95/46/EC is being replaced by the General Data Protection Regulation (GDPR). This means the way we collect and process data is changing.

Essentially, your website needs to make it clear what data you are collecting and how it will be used.

Below is a 5 step guide to help you be GDPR compliant.

 

1. No more pre-ticked boxes

For you to be able to collect and process users' information, each user must give clear consent for you to process their personal data. This should be done as an OPT-IN method. For instance, users must be able to tick a box to allow you to send them marketing material, rather than that box being pre-ticked and the user being required to untick it, which would make it an OPT-OUT option.

 

2. Separate consent

Wherever possible, users should be able to choose which type of marketing they would like to receive.

3. Easy OPT-OUT

If you’re providing an easy Opt-In process, you must provide an equally easy Opt-Out option.

Users must be able to withdraw their consent. For example, this could mean allowing users to unsubscribe from your newsletter.

 

4. Watch those cookies

Cookies that identify an individual via their device are considered personal data and must be treated as such.

Implied is not consent – If your website uses cookies, you must obtain users' permission.

Concerned about Google Analytics? – read Google’s response to GDPR

 

5. Website Privacy

You will need to update your website’s Privacy Policy to include the new items under GDPR. You will need to make it clear how you will be collecting individuals’ data and what you will be doing with the data once you have received it.

 

In Summary

  1. Replace your pre-ticked tick boxes with empty ones – remember clear consent is required.
  2. Give users more choice – Allow them to choose which type of marketing they would like to receive from you.
  3. Right to withdraw – Allow users to Opt-Out as easily as they can Opt-In.
  4. Declare your cookies – If your website uses cookies, you must give users the option to Opt-Out of using them.
  5. Website Privacy – Update your website privacy policy to come in line with the new GDPR.

 

GDPR is a complex regulation and extends far beyond your website. If you are in any doubt about your obligations under GDPR, we would suggest you contact a legal office.