What is the GDPR?
The General Data Protection Regulation (GDPR) is a new EU regulation affecting EU citizens and residents both within the EU and worldwide. It is designed to strengthen data protection laws and give users more control over how and what personal information is collected.
The new regulations affect anyone who collects and / or processes personal data, including organisations and websites that use internal databases, CRMs and even email.
You can read the full GDPR document here, however we’ve outlined the key points that will affect your website, and how you can make it compliant.
The GDPR comes into effect from May 25th 2018.
How this affects your website
Explicit consent must be given when collecting data from web forms; without it you cannot store or use the data. This means that most web forms, including contact forms, user sign-up forms and newsletters, should now have an opt-in checkbox. An example of explicit consent would be:
‘I give [Your Website] consent to store my personal data’
This allows you to store data for a ‘reasonable’ amount of time, unless you can prove an ongoing relationship. You can also contact the user regarding the current service rendered.
To use these personal details for promotional purposes, you need an additional checkbox to gain explicit consent, for example:
‘I give [Your Website] explicit consent to contact me for promotional purposes’
If you plan for third parties to have access to and use these details for promotional purposes, including different trading names of your company, you should once again gain explicit consent, for example:
‘I give [Third Party] explicit consent to store my details and contact me for promotional purposes’
This is the most basic coverage required for GDPR compliance; however, you can expand on this and give more control back to the user by using granular opt-in options, letting them choose the method by which they can be contacted via separate checkboxes for Email, Phone, Fax and Post.
Further information on web form compliance can be found at the bottom of this article.
What you do with the information captured.
You should outline the reasons for information capture, for example, to improve your products and services, market research etc.
What information is captured.
How a user can control what information you store about them.
Users should be able to request access to the personal data you have stored, restrict the information gathered, and find instructions on requesting removal of all their personal data.
- What a cookie is and why you use them.
- What cookies are used on your website and their purpose.
- Third parties that set cookies on your site, making the user aware the third party is responsible for any cookies they may set and where information on these can be found.
Your website may use our Engage form builder plugin. If so, you should be aware that currently all submitted messages are stored securely and indefinitely in your WordPress admin panel. These messages should be purged within a reasonable time frame as part of your data processes to meet GDPR compliance.
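The consent rules above (separate opt-in boxes for storage, promotional and third-party contact, plus granular contact channels) and the purge requirement for stored messages can be enforced server-side. The following is an added illustration, not code from this article or from the Engage plugin; the field names, the 180-day retention period and the sample form data are all assumptions, since the article gives no numbers.

```python
import time
from dataclasses import dataclass
from typing import Optional

# Assumed retention period: the article only says "a reasonable time frame".
RETENTION_SECONDS = 180 * 24 * 3600
CHANNELS = ("email", "phone", "fax", "post")

# Constructed sample submission, as a browser would post it (hypothetical field names).
SAMPLE_FORM = {"email": "user@example.com", "message": "Hello", "consent_store": "on",
               "consent_promo": "on", "channel_email": "on"}

class ConsentError(ValueError):
    """Raised when a form arrives without the consent the rules require."""

@dataclass
class Submission:
    email: str
    message: str
    received: float        # Unix timestamp, used by the retention purge
    consent: dict          # purpose -> bool for "store", "promo", "third_party"
    channels: tuple = ()   # granular opt-ins chosen from CHANNELS

def accept_submission(form: dict, now: Optional[float] = None) -> Submission:
    """Validate a posted form (a ticked checkbox posts as "on").
    Nothing is stored unless the storage box was ticked; every further
    consent is recorded on its own and never inferred from another one."""
    if form.get("consent_store") != "on":
        raise ConsentError("no explicit consent to store personal data")
    consent = {
        "store": True,
        "promo": form.get("consent_promo") == "on",
        "third_party": form.get("consent_third_party") == "on",
    }
    channels = tuple(c for c in CHANNELS if form.get(f"channel_{c}") == "on")
    if channels and not consent["promo"]:
        raise ConsentError("contact channels chosen without promotional consent")
    received = time.time() if now is None else now
    return Submission(form["email"], form["message"], received, consent, channels)

def may_contact(sub: Submission, purpose: str, channel: Optional[str] = None) -> bool:
    """Messages about the current service need no extra consent; promotional or
    third-party contact needs its own box, and the chosen channel if one is given."""
    if purpose == "service":
        return True
    if not sub.consent.get(purpose, False):
        return False
    return channel is None or channel in sub.channels

def purge_expired(store: list, now: float) -> list:
    """Return only the submissions still inside the retention period."""
    return [s for s in store if now - s.received <= RETENTION_SECONDS]
```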
These are some additional actions which registered companies and charities should take to comply with UK law:
- Registered Company / Charity Number easily accessible
- VAT Number easily accessible
- Registered Address easily accessible
These details can either be added to a page on your website or to the footer.
GDPR comes into effect on May 25th 2018, and you should ensure that you comply with the new regulations before this date. We have compiled a simplified checklist below to ensure your website is compliant:
- Cookie Notice
- Web forms have opt-in consent checkboxes
- Review and purge message data from Engage
- Review and purge data stored by other plugins, for example, WooCommerce
How we can help
To ensure your website is compliant before the deadline please contact us as soon as possible so that we can work with you and make changes where required.
We recommend you find out more about what you need to do to ensure compliance with GDPR across all aspects of your company. Please use the links below for useful information.
Official GDPR website
Useful templates / documentation
Note: This is intended to provide an overview of how GDPR affects your website and is not a definitive statement of the law. For a definitive guide, check out the Information Commissioner’s Office website.