Is Your Website GDPR Compliant?
As a business owner, you need to take a responsible approach in all aspects of your organisation. This is particularly pertinent with regard to data protection, especially online.
By now, you’ve probably heard about GDPR (General Data Protection Regulation). So, what does your company need to know about website compliance? Remember, your website is your shop window and it can give a clear picture of whether your business is GDPR compliant or not.
Let’s take a closer look.
What Is GDPR?
The General Data Protection Regulation is the EU’s newest solution to keep the consumer’s personal details safe whilst online. Companies and websites will be required to satisfy those obligations before May 25th, 2018. This includes those that are based outside of the EU but have customers from inside it.
How To Ensure Your Website Is GDPR Compliant
Here is a list of website updates that need attention to ensure your website is GDPR compliant:
- Inform visitors about your website’s intentions to collect their information. This is best achieved through the addition of a ‘privacy policy’ page, and should explain the type of data you’ll use and why. The length of time that data will be held must be declared to meet the GDPR regulations too.
- List ALL types of data being collected by the site, and whether they allow third-party access. With less data collected, you’ll be at reduced liability should a breach occur. We recommend putting this in a website footer file called ‘Cookies’.
- Embrace data encryption as it is a central part of your data protection strategy. An SSL certificate is the minimum website requirement needed to protect the stored data on your website server.
- Set all ‘consent forms’ to be unchecked by default so that users must actively opt-in. These forms must be separate from normal terms and conditions. The fact that visitors must provide confirmation keeps your site compliant with the GDPR rulings.
- Disclose details regarding Data Protection Officers or people that can access any user details. Aside from making this clear for all users, you must provide an easy point of access so that they can make inquiries related to their personal data being stored in a database.
- Understand the ‘Right to be Forgotten’ regulations, and have a plan in place. Users have the right to delete their details from your site, but doing this manually can be time-consuming. Being ready to do this automatically and in a timely manner is key. We recommend a new policy in your website footer called ‘Terms of Use’.
- Extend your data protection facilities to mobile websites and Apps, should you have them. These facilities now account for over half of all online interactions. The GDPR stipulates that data collection rules must, therefore, be present with those features.
- Know how to act if a breach of data does occur on your website. From contacting the right authorities to filling in the right forms, it’s vital that you are ready to act fast. Otherwise, you will fall short of the GDPR requirements.
Aside from the legal requirements, compliance with GDPR protects your business and its customers. While there are still a few weeks to complete the necessary upgrades, now is the perfect time to get started.