There's tonnes of chatter about GDPR, as you would expect, and lots of advice that contradicts, but there are some specific changes that you need to make to your website in order to become GDPR Compliant by the 25th May 2018 The boffins at it'seeze Head Office have released a checklist confirming what they will do, and what it'seeze clients need to do to ensure their it'seeze website is GDPR ready. 
The original Blog Post from it'seeze Head Office can be read here: GDPR Readiness Checklist
 
But what if you don't have an it'seeze website?  
 
There are some simple things that you might easily overlook on your website. This post expands on the advice given to it'seeze customers, to websites built on other platforms (WordPress, Yell, Wix etc)  
 
Disclaimer: Please note that this post does not constitute legal advice, nor is it an exhaustive list of what you need to do to ensure full GDPR compliance. If you have any concerns about legislation that affects your business, we would advise that you consult a solicitor or a certified GDPR practitioner. 
 
 
Cookie Policy 
When people visit your website, a message should appear so they can explicitly opt in to using the data collected from cookies.  
 
The cookie policy notice, may not display when you view your own website, because you've already opted-in. So it is important to check your cookie policy notice is displaying for new visitors to your website. The easiest way to do this, without loosing all your other cookies and site data, is to go to Chrome > Settings > Show Advanced Settings > Scroll to Privacy > Click Content Settings > Add your site to the "Clear on Exit" section: chrome://settings/content/cookies 
 
Commonly, I see cookie notices like the one below, which is not GDPR compliant as visitors cannot give explicit consent by opting-in and you cannot prevent people viewing your website simply because they do not want their data to be used through cookies. People have a right to view your website without you collecting data on them. 
 
This page describes our cookie policy for www.xxxxxxx.co.uk (the Website). 
If you do not accept this Cookie Policy please do not use this site. 
 
 
 
Privacy Policy 
You should already have a Privacy Policy on your website, and if you haven't already, then you will almost certainly need to update it in light of GDPR. Privacy Policies under GDPR 
 
Blog Comments 
If website visitors can leave a comment on your blog posts, you will need to gain their explicit consent to publish those comments. This can be done by having a tick box within a comments form (as I have below for this blog post), to confirm they consent to their name and comment being published on your site. 
 
Testimonials/Reviews 
You need explicit written consent to use reviews and/or testimonials that people have given about your products and/or services. In the past you may have just asked a customer for a testimonial or review, but now you must also advise the client how you will use their testimonial - such as on social media and on your website, and the client must confirm in writing that they agree to this.  
 
SSL 
Having an SSL certificate is important for SEO and it is increasingly recognised as a mark of trust for people visiting your website. But it's also important for GDPR/Data Protection. Read more on SSL Certificates 
 
Contact forms 
You don't need to include a tick box for content within enquiry form, as long as the text that relates to the form, makes it clear that you will use the information to contact the website visitor about your products/services. Within a contact form you should only request the minimum amount of information to effectively fulfill the purpose of the form - i.e. to make contact with the person.  
 
For newsletter sign-ups, giveaways etc, explicit consent for each marketing communication must be given by having a tick box to confirm people consent for their details to be used in the way outlined in the text alongside the form. Furthermore, you can no longer have a pre-ticked consent form. The tick box must be left empty for the person to give their explicit consent. 
 
Sound complicated? Leave it to it'seeze  
At it'seeze we've done many things to help our clients websites become GDPR compliant  
 
If you're not sure what you need to do with your website to be GDPR ready, contact us today. Call 0115 777 3001 or fill in our online enquiry form and we’ll be in touch. 
Share this post:

Leave a comment: