Unless you have been living under a rock the last few months, you will no doubt have heard about GDPR. If you haven’t, it stands for General Data Protection Regulation and is a new piece of EU legislation that recently came into effect. Its aim is to give EU citizens more control over their data and over how it is processed and stored.
The regulations came into effect on May 25, so if your site isn’t already compliant, you need to get it sorted now! If you are accepting traffic from EU countries and processing data on behalf of EU citizens then you are affected and need to comply.
If you want to learn more about GDPR itself, there are many great resources online, including the guide from the UK Information Commissioner’s Office (link: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/)
Depending on the complexity of your website this list will vary, but it is intended as a rough guide:
If you don’t already have one, and you should for many reasons, then now is the time to fully protect your website with an SSL certificate! It’s an easy task and crucial to protecting users’ privacy and security while they interact with your site.
Implied and clear consent
This one is very important. Remember that form you created where you decided to pre-tick some boxes to make sure as many people as possible signed up to your newsletter? That is a big no! You will need to change all forms so that those fields are not pre-selected.
The other area is to ensure the user clearly understands and agrees to how you may contact them. It is no longer sufficient to just say “You agree to us contacting you for marketing purposes”; instead you should list each method you might contact them by and let them opt in to each one individually. If by opting in they might be contacted by more than one company (for example if you have a group of companies, or a set of partners), then give the user granular options as appropriate rather than a blanket opt-in for all companies. If you plan to pass their details on to a third party, or to any related company the user would not reasonably expect to receive their details, you need a clear set of checkboxes for opting in.
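As an added example (not code from the original post), here is one way to handle that on the server side: one unchecked checkbox per contact method and per company, and a consent record that only counts a box the user actually ticked. The option keys, wording and company names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed example: each contact method / company pair is its own opt-in.
CONSENT_OPTIONS = {
    "email_acme": "Acme Ltd may email you about products and offers",
    "sms_acme": "Acme Ltd may send you SMS marketing messages",
    "email_partner": "Acme's partner Widgets Co may email you about their offers",
}


@dataclass
class ConsentRecord:
    user_id: str
    granted: dict      # option key -> exact wording shown when consent was given
    recorded_at: str   # UTC timestamp, so you can prove when consent was obtained


def render_checkboxes(options=CONSENT_OPTIONS):
    """Emit one checkbox per option. None carries the `checked` attribute:
    the user has to tick each box themselves."""
    return "\n".join(
        f'<label><input type="checkbox" name="{key}"> {text}</label>'
        for key, text in options.items()
    )


def record_consent(user_id, form_fields, options=CONSENT_OPTIONS):
    """Build a consent record from submitted form fields.

    Browsers only submit a checkbox (value "on") when it was ticked, so an
    absent field means no consent. Unknown keys are rejected rather than
    silently ignored, and nothing is defaulted to granted.
    """
    granted = {}
    for key, value in form_fields.items():
        if key not in options:
            raise ValueError(f"unknown consent option: {key}")
        if value == "on":
            granted[key] = options[key]
    return ConsentRecord(user_id, granted, datetime.now(timezone.utc).isoformat())


def may_contact(record, option_key):
    """Check a stored record before sending anything on a given channel."""
    return option_key in record.granted
```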
Easy to withdraw consent
Data Retention and Deletion