There's tonnes of chatter about GDPR, as you would expect, and lots of contradictory advice, but there are some specific changes that you need to make to your website in order to become GDPR compliant by the 25th May 2018. The boffins at it'seeze Head Office have released a checklist confirming what they will do, and what it'seeze clients need to do, to ensure their it'seeze website is GDPR ready.
The original Blog Post from it'seeze Head Office can be read here: GDPR Readiness Checklist.
But what if you don't have an it'seeze website?
There are some simple things that you might easily overlook on your website. This post extends the advice given to it'seeze customers to websites built on other platforms (WordPress, Yell, Wix etc.).
Disclaimer: Please note that this post does not constitute legal advice, nor is it an exhaustive list of what you need to do to ensure full GDPR compliance. If you have any concerns about legislation that affects your business, we would advise that you consult a solicitor or a certified GDPR practitioner.
When people visit your website, a message should appear so they can explicitly opt-in to using the data collected from cookies.
Commonly, I see cookie notices like the one below, which is not GDPR compliant, as visitors cannot give explicit consent by opting in, and you cannot prevent people viewing your website simply because they do not want their data to be used through cookies. People have a right to view your website without you collecting data on them.
If website visitors can leave a comment on your blog posts, you will need to gain their explicit consent to publish those comments. This can be done by having a tick box within a comments form (as I have below for this blog post), to confirm they consent to their name and comment being published on your site.
You need explicit written consent to use reviews and/or testimonials that people have given about your products and/or services. In the past you may have just asked a customer for a testimonial or review, but now you must also advise the client how you will use their testimonial - such as on social media and on your website, and the client must confirm in writing that they agree to this.
Having an SSL certificate is important for SEO, and it is increasingly recognised as a mark of trust for people visiting your website. But it's also important for GDPR/Data Protection. Read more on SSL Certificates.
You don't need to include a tick box for consent within an enquiry form, as long as the text that relates to the form makes it clear that you will use the information to contact the website visitor about your products/services. Within a contact form you should only request the minimum amount of information needed to effectively fulfill the purpose of the form, i.e. to make contact with the person.
For newsletter sign-ups, giveaways etc., explicit consent for each marketing communication must be given by having a tick box to confirm people consent to their details being used in the way outlined in the text alongside the form. Furthermore, you can no longer have a pre-ticked consent form. The tick box must be left empty for the person to give their explicit consent.
Sound complicated? Leave it to it'seeze.
At it'seeze we've done many things to help our clients' websites become GDPR compliant.