What is the GDPR?

The General Data Protection Regulation (GDPR) is an EU regulation that applies to the personal data of people in the EU, wherever in the world that data is collected or processed. It is designed to strengthen data protection law and give individuals more control over what personal information is collected about them and how it is used.

The regulation affects anyone who collects or processes personal data, including organisations and websites that hold it in internal databases, CRMs and even email.

You can read the full GDPR text here; below we have outlined the key points that affect your website and how you can make it compliant.

The GDPR comes into effect on May 25th 2018.

How this affects your website

Forms

Explicit consent must be given when collecting data from web forms; without it you cannot store or use the data. This means that most web forms, including contact forms, user sign-up forms and newsletter subscriptions, should now have an opt-in checkbox. The checkbox must be unticked by default: a pre-ticked box, or the user simply not objecting, does not count as consent. An example of explicit consent would be:

‘I give [Your Website] consent to store my personal data’

This allows you to store the data for a ‘reasonable’ amount of time, after which it should be deleted unless you can show an ongoing relationship with the user. It also allows you to contact the user about the service currently being provided.

To use these personal details for promotional purposes, you need an additional checkbox to gain explicit consent, for example:

‘I give [Your Website] explicit consent to contact me for promotional purposes’

If you plan for third parties to have access to and use these details for promotional purposes, including different trading names of your own company, you must again gain explicit consent, for example:

‘I give [Third Party] explicit consent to store my details and contact me for promotional purposes’

This is the most basic coverage required for GDPR compliance. You can go further and give more control back to the user with granular opt-ins, for example a separate checkbox for each contact method (email, phone, fax and post) so the user chooses how they may be contacted.
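
The server-side half of the three-checkbox form described above, as an added example that is not code from the original article or the Engage plugin. It refuses to store a submission without storage consent, records each consent separately with the wording the user saw and the time, gates promotional use on the relevant consent, and purges records once the retention period has passed unless there is an ongoing relationship. The field names, the site and partner names in the wording, and the 90-day retention period in the sample run are assumptions.

```javascript
// Added example, not code from the original article or the Engage plugin.
// The field names, the site and partner names in the consent wording, and the
// 90-day retention period used in the sample run are assumptions for the example.

const SITE = 'Example Site';             // assumed
const THIRD_PARTY = 'Example Partner';   // assumed

// The exact wording shown beside each checkbox. It is stored with the record so
// you can later show what the user actually agreed to.
const CONSENT_WORDING = {
  store: `I give ${SITE} consent to store my personal data`,
  marketing: `I give ${SITE} explicit consent to contact me for promotional purposes`,
  thirdParty: `I give ${THIRD_PARTY} explicit consent to store my details and contact me for promotional purposes`,
};

// An unticked checkbox is absent from the POST body entirely, so only an explicit
// affirmative value counts; a missing field must never default to "consented".
function isTicked(value) {
  return ['on', 'yes', '1', 'true'].includes(String(value ?? '').trim().toLowerCase());
}

// Validate one submission. Without storage consent nothing is kept at all; the
// marketing and third-party consents are recorded separately, each with the
// wording shown and the time it was given.
function processSubmission(fields, now = new Date()) {
  if (!isTicked(fields.consent_store)) {
    return { ok: false, error: 'storage consent not given; do not store this submission' };
  }
  const ts = now.toISOString();
  const consentFor = (key, field) => ({
    given: isTicked(fields[field]),
    wording: CONSENT_WORDING[key],
    recordedAt: ts,
  });
  const record = {
    name: String(fields.name ?? '').trim(),
    email: String(fields.email ?? '').trim(),
    message: String(fields.message ?? '').trim(),
    receivedAt: ts,
    ongoingRelationship: false, // set to true once the person becomes a customer
    consent: {
      store: consentFor('store', 'consent_store'),
      marketing: consentFor('marketing', 'consent_marketing'),
      thirdParty: consentFor('thirdParty', 'consent_third_party'),
    },
  };
  return { ok: true, record };
}

// Gates to check before any promotional use of a stored record.
function mayContactForMarketing(record) {
  return record.consent.marketing.given === true;
}

function mayShareWithThirdParty(record) {
  return record.consent.thirdParty.given === true;
}

// Retention: keep a record only while it is younger than retentionDays, unless
// there is an ongoing relationship. Returns the records to keep; run on a schedule.
function purgeExpired(records, retentionDays, now = new Date()) {
  const cutoff = now.getTime() - retentionDays * 24 * 60 * 60 * 1000;
  return records.filter(
    (r) => r.ongoingRelationship === true || new Date(r.receivedAt).getTime() >= cutoff,
  );
}

// Constructed sample POST bodies (not real data). In the first one the visitor
// ticked the storage and third-party boxes but not the marketing box, which the
// browser therefore omitted from the request.
const SAMPLE_WITH_CONSENT = {
  name: 'A. Person',
  email: 'a.person@example.com',
  message: 'Please call me about your service',
  consent_store: 'on',
  consent_third_party: 'on',
};
const SAMPLE_WITHOUT_CONSENT = {
  name: 'B. Person',
  email: 'b.person@example.com',
  message: 'Hello',
};
```

The consent record is the evidence you will need if a user later asks what they agreed to, so keep the wording and timestamp alongside the data rather than a bare boolean. Run purgeExpired from a scheduled job and apply the same rule to message data held by form plugins.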

Further information on web form compliance can be found at the bottom of this article.

Privacy Policy

Your privacy policy should be easily accessible, and at minimum should explain the following:

What you do with the information captured.
You should outline the reasons for information capture, for example, to improve your products and services, market research etc.

What information is captured.

How a user can control what information you store about them.
Users should be able to request access to the personal data you hold about them, to restrict what is gathered and how it is used, and to request removal of all their personal data; your policy should explain how to make each of these requests.

Cookies

Cookie Notice
You should display a clear cookie notice when a user first visits your site, explaining that the site uses cookies and linking to your cookie policy. The user must then actively close the notice to accept (usually an accept or dismiss button). Non-essential cookies, such as analytics or advertising cookies, should not be set until the user has accepted; cookies strictly necessary for the site to work, such as a session cookie, do not need consent.
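
An added example, not from the original article, of a cookie notice that withholds non-essential scripts until the visitor accepts and records the acceptance in a first-party cookie tied to a policy version, so that changing the cookie policy re-prompts everyone. The cookie name, policy version, policy URL and analytics script URL are assumptions.

```javascript
// Added example, not from the original article. It shows a cookie notice that
// withholds non-essential (analytics or advertising) scripts until the visitor
// accepts, and records that acceptance in a first-party cookie. The cookie name,
// policy version, policy URL and analytics script URL are assumptions.

const CONSENT_COOKIE = 'cookie_consent';                                 // assumed name
const CONSENT_VERSION = '2018-05';                                       // bump when the cookie policy changes
const COOKIE_POLICY_URL = '/cookie-policy';                              // assumed
const NON_ESSENTIAL_SCRIPTS = ['https://analytics.example.com/tag.js'];  // assumed

// Parse a document.cookie string ("a=1; b=2") into an object. Malformed parts
// (no "=", empty name, bad percent-encoding) are skipped rather than thrown on.
function parseCookies(cookieString) {
  const out = {};
  for (const part of String(cookieString ?? '').split(';')) {
    const idx = part.indexOf('=');
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    if (!name) continue;
    try {
      out[name] = decodeURIComponent(part.slice(idx + 1).trim());
    } catch {
      // a badly encoded value is treated as absent
    }
  }
  return out;
}

// Consent only counts if it was given for the current policy version.
function hasConsent(cookieString) {
  return parseCookies(cookieString)[CONSENT_COOKIE] === CONSENT_VERSION;
}

// Value assigned to document.cookie on accept: first-party, one year, HTTPS only,
// not sent on cross-site requests. Because of the Secure flag the cookie is only
// stored when the page itself is served over HTTPS.
function consentCookieValue(maxAgeSeconds = 365 * 24 * 60 * 60) {
  return `${CONSENT_COOKIE}=${encodeURIComponent(CONSENT_VERSION)}; Max-Age=${maxAgeSeconds}; Path=/; Secure; SameSite=Lax`;
}

// What the page should do on load given the visitor's cookies.
function decide(cookieString) {
  return hasConsent(cookieString) ? 'load' : 'prompt';
}

// Inject the non-essential scripts. Called only after consent.
function loadNonEssential(doc) {
  for (const src of NON_ESSENTIAL_SCRIPTS) {
    const s = doc.createElement('script');
    s.src = src;
    s.async = true;
    doc.head.appendChild(s);
  }
}

// Browser wiring. Built with createElement/textContent rather than innerHTML so
// no markup is ever interpreted from strings.
function initCookieNotice(doc) {
  if (decide(doc.cookie) === 'load') {
    loadNonEssential(doc);
    return;
  }
  const banner = doc.createElement('div');
  banner.id = 'cookie-notice';
  banner.appendChild(doc.createTextNode('This site uses cookies. See our '));
  const link = doc.createElement('a');
  link.href = COOKIE_POLICY_URL;
  link.textContent = 'cookie policy';
  banner.appendChild(link);
  banner.appendChild(doc.createTextNode('. '));
  const accept = doc.createElement('button');
  accept.type = 'button';
  accept.textContent = 'Accept';
  accept.addEventListener('click', () => {
    doc.cookie = consentCookieValue();
    banner.remove();
    loadNonEssential(doc);
  });
  banner.appendChild(accept);
  doc.body.appendChild(banner);
}

// Only wire up the DOM when one exists; the pure functions above can also be
// used server-side to decide whether to emit third-party tags at all.
if (typeof document !== 'undefined') {
  initCookieNotice(document);
}
```

The important property is that the analytics or advertising tag is never in the initial HTML: it is added by loadNonEssential only after decide() returns 'load'. Without that, the notice is informational only and the third-party cookies are already set before the user has seen it.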

Cookie Policy
Your site should have an easily accessible cookie policy, either as part of a privacy policy or as a separate document. Your cookie policy should explain:

  • What a cookie is and why you use them.
  • What cookies are used on your website and their purpose.
  • How a user is alerted to the use of cookies.
  • Third parties that set cookies on your site, making the user aware that each third party is responsible for the cookies it sets and where information on these can be found.

Terms of use

Terms of use vary depending on your website's functionality and content. You should seek legal advice to ensure your terms fully meet your requirements.

Engage Plugin

Your website may use our Engage form builder plugin. If so, you should be aware that currently all submitted messages are stored indefinitely in your WordPress database and are visible from the admin panel. These messages should be purged within a reasonable time frame as part of your data retention process to meet GDPR compliance.

Additional Actions

These are some additional actions which registered companies and charities should take to comply with UK law:

  • Registered Company / Charity Number easily accessible
  • VAT Number easily accessible
  • Registered Address easily accessible

These details can either be added to a page on your website or to the footer.

What next?

GDPR comes into effect on May 25th 2018, and you should ensure that you comply before this date. The simplified checklist below covers the website items discussed above:

  • Privacy and Cookie Policy
  • Cookie Notice
  • Web forms have opt-in consent checkboxes
  • Review and purge message data from Engage
  • Review and purge data stored by other plugins, for example, WooCommerce
  • Terms of Use

How we can help

To ensure your website is compliant before the deadline please contact us as soon as possible so that we can work with you and make changes where required.

Additional Reading

We recommend you find out more about what you need to do to ensure compliance with GDPR across all aspects of your company. Please use the links below for useful information.

Official GDPR website
https://www.eugdpr.org/

Explicit Consent
https://www.hallaminternet.com/how-to-make-your-website-gdpr-compliant/

Useful templates / documentation
https://wewillthrive.co.uk/resources/blogs/gdpr-where-to-start

Note: This is intended to provide an overview of how GDPR affects your website and is not a definitive statement of the law. For a definitive guide, see the Information Commissioner’s Office website.