I’m sure that you are already aware that on 25th May 2018 the current Data Protection Directive 95/46/EC is being replaced by the General Data Protection Regulation (GDPR). This means the way we collect and process data is changing.
Essentially, your website needs to make it clear what data you are collecting and how it will be used.
Below is a 5 step guide to help you be GDPR compliant.
1. No more pre-ticked boxes
For you to be able to collect and process users' information, each user must give clear consent for you to process their personal data. This should be done as an OPT-IN method: for instance, users must be able to tick a box to allow you to send them marketing material, rather than that box being pre-ticked and the user being required to untick it, which makes it an OPT-OUT option.
2. Separate consent
Wherever possible, users should be able to choose which type of marketing they would like to receive.
3. Easy OPT-OUT
If you’re providing an easy Opt-In process, you must provide an equally easy Opt-Out option.
Users must be able to withdraw their consent. This could mean allowing users to unsubscribe from your newsletter.
4. Watch those cookies
Cookies that identify an individual via their device are considered personal data and must be treated as such.
Concerned about Google Analytics? – read Google’s response to GDPR
5. Website Privacy
- Replace your pre-ticked tick boxes with empty ones – remember clear consent is required.
- Give users more choice – Allow them to choose which type of marketing they would like to receive from you.
- Right to withdraw – Allow users to Opt-Out as easily as they can Opt-In.
GDPR is a complex regulation and extends far beyond your website. If you are in any doubt about your obligations under GDPR, we would suggest you contact a legal office.