How to make your website GDPR compliant?

Do you have a website? Is it GDPR compliant? Do you know how the GDPR will impact your business? These are all questions you should be asking as a business owner or manager. Your website will have to be GDPR compliant by 25 May 2018, and non-compliance can mean hefty fines from EU regulators (up to 4% of annual worldwide turnover or EUR 20 million, whichever is higher).

Here are 5 things you should consider in order to make your website GDPR compliant.

Disclaimer: These are tips to help you understand the impact of GDPR compliance, not legal advice. Seek legal advice before 25 May if you are unsure how to tackle the new European Regulation.

1 – Privacy Policy and Terms & Conditions


Making sure your website has a page informing visitors of how their data is collected and processed is a great start. Share as much information as you can. What type of data is collected, why it is collected, on what legal basis, who it is shared with, and for how long you keep it are questions this page (or pages) should answer clearly.

The GDPR (Articles 13 and 14) requires you to provide this information at the point of collection: who the controller is, the purposes and legal basis of processing, the recipients, the retention period, and the rights the visitor has (access, erasure, withdrawal of consent, complaint). Provide full disclosure on how you handle this data and how it affects user privacy.

2 – Be more transparent about consent forms

Many websites rely on implied consent when a visitor subscribes to a newsletter or registers to download a free e-book. In practice this means that consent to email marketing is buried in lengthy terms and conditions, or the consent box is already ticked.

Under the GDPR, consent must be a clear affirmative action: silence, inactivity or a pre-ticked box does not count (Recital 32). All consent checkboxes must therefore be unticked by default, and the user must click an approval button or tick a box to accept any terms. You should also keep a record of what was consented to, when, and which version of the wording the user saw, so that you can demonstrate consent later (Article 7).

Source: SuperOffice

Additionally, in most cases you need to separate consent to the terms and conditions from consent to marketing. Use one box for the general terms and a separate, optional box for promotional offers; accepting the terms must not be made conditional on agreeing to marketing. The key is to be specific and transparent about what each box means, one box per purpose.
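As an added example (not code from the original article), here is how a signup form's consent handling can be written so that it meets the points above: every box is unticked by default, the terms box is the only one that may block signup, marketing and analytics consent are separate and optional, and each submission produces a record that can later be shown as evidence. The purpose ids, the policy version string and the request shape are assumptions.

```javascript
// Added example, not the article's code. Field ids, policy version and the
// form shape are assumptions for illustration.

// One checkbox per purpose. Only the terms box may be required; optional
// purposes must never be bundled with it.
const CONSENT_PURPOSES = [
  { id: "terms", label: "I accept the Terms & Conditions", required: true },
  { id: "marketing", label: "Send me promotional offers by email", required: false },
  { id: "analytics", label: "Allow usage analytics cookies", required: false },
];

// Check the form definition before rendering it: a pre-ticked or hidden
// box cannot produce valid consent under the GDPR, so refuse to ship one.
function validateFormDefinition(fields) {
  const problems = [];
  for (const f of fields) {
    if (f.defaultChecked) problems.push(`${f.id}: pre-ticked box`);
    if (f.hidden) problems.push(`${f.id}: hidden field`);
    if (!CONSENT_PURPOSES.some((p) => p.id === f.id)) {
      problems.push(`${f.id}: unknown purpose`);
    }
  }
  return problems;
}

// A browser submits a ticked checkbox as "on"; a parsed JSON body may send
// true. Anything else (missing, "", "off", false) is treated as refusal.
function isChecked(value) {
  return value === true || value === "on";
}

// Build the consent record from the submitted form. Returns
// { ok, error, record }; only the required terms box can block signup.
function buildConsentRecord(submitted, policyVersion, now) {
  const consents = {};
  for (const p of CONSENT_PURPOSES) {
    const given = isChecked(submitted[p.id]);
    if (p.required && !given) {
      return { ok: false, error: `${p.id} must be accepted`, record: null };
    }
    consents[p.id] = given;
  }
  return {
    ok: true,
    error: null,
    record: {
      consents,                      // one explicit boolean per purpose
      policyVersion,                 // which wording the user actually saw
      timestamp: now.toISOString(),  // when consent was given
      source: "signup-form",         // where it was collected
    },
  };
}

// Gate for later code paths (mailing list export, analytics loader, ...):
// absence of a record or of the purpose means no consent.
function hasConsent(record, purpose) {
  return record !== null && record !== undefined && record.consents[purpose] === true;
}
```

`hasConsent(record, "marketing")` is what your newsletter export should check, and `hasConsent(record, "analytics")` is the natural gate for deciding whether to load a tracking script at all; storing the record alongside the account is what lets you answer "was this obtained under clear consent?" later.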

3 – A TLS (SSL) certificate is essential


The GDPR (Article 32) requires you to protect personal data with appropriate technical measures, and it names encryption explicitly. For a website that means serving every page over HTTPS, not just the login or checkout page, so that form submissions, cookies and session identifiers cannot be read or altered in transit. Some browsers started flagging plain-HTTP pages that collect passwords or card data as "Not secure" in 2017, yet many websites still have no TLS certificate. You will need to install one (free certificates are available from Let's Encrypt) and redirect all HTTP traffic to HTTPS.

You can easily check whether your website uses an encrypted connection by looking for the padlock symbol in the browser's address bar when visiting the site over https://. Also check that typing the plain http:// address redirects you to the https:// version, and that no page shows a "mixed content" warning from images or scripts still loaded over HTTP. If the padlock is missing or the browser warns you, contact your IT officer or hosting provider to learn how to correct this.
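The redirect and the HSTS header mentioned above are easy to get subtly wrong when the site sits behind a load balancer or CDN, because the application then only ever sees plain HTTP. The following is an added example (not code from the article) of the decision a Node-style request handler should make per request; the request shape, the trusted proxy address and the HSTS max-age are assumptions.

```javascript
// Added example, not the article's code. Request fields, the proxy address
// and the HSTS lifetime are assumptions for illustration.

const TRUSTED_PROXIES = new Set(["10.0.0.5"]);          // your load balancer
const HSTS_HEADER = "max-age=31536000; includeSubDomains"; // one year

// Was the client's connection encrypted? Directly, req.encrypted tells us.
// Behind a reverse proxy the app sees plain HTTP and the only signal is the
// X-Forwarded-Proto header, which anyone can send; honour it only when the
// direct peer is a proxy we control, otherwise the redirect can be bypassed.
function isSecure(req) {
  if (req.encrypted) return true;
  const raw = req.headers["x-forwarded-proto"] || "";
  const proto = raw.split(",")[0].trim().toLowerCase();
  return TRUSTED_PROXIES.has(req.remoteAddress) && proto === "https";
}

// Decide what to do with a request. Returns { status: null, headers } to let
// an HTTPS request through (with HSTS set, which browsers only accept over
// HTTPS), a 301/308 redirect for plain HTTP, or a 400 for a Host header we
// refuse to echo into a Location (an attacker-controlled Host would
// otherwise turn the redirect into an open redirect).
function enforceHttps(req) {
  if (isSecure(req)) {
    return { status: null, headers: { "Strict-Transport-Security": HSTS_HEADER } };
  }
  const host = req.headers.host;
  if (!host || /[^a-z0-9.:-]/i.test(host)) {
    return { status: 400, headers: {}, body: "Bad Host header" };
  }
  // 301 for safe methods; 308 keeps the method and body for POST so a form
  // submission is not silently downgraded to a GET that drops its data.
  const status = req.method === "GET" || req.method === "HEAD" ? 301 : 308;
  return { status, headers: { Location: `https://${host}${req.url}` } };
}
```

In a real deployment the handler would be the first middleware in the chain, and `TRUSTED_PROXIES` would be loaded from configuration rather than hard-coded; the important property is that an `X-Forwarded-Proto: https` header from an arbitrary internet client does not disable the redirect.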

4 – Google Analytics and Google Tag Manager

As a website owner you probably use Google Analytics to track user behaviour. Start by checking Google's own statement on its GDPR commitments. Be careful with the common claim that Google Analytics is "anonymous" and therefore collects no personal data: it sets a client identifier cookie and receives the visitor's IP address, and under the GDPR such identifiers can be personal data. Turn on Google's IP anonymization setting (`anonymizeIp`), and only load the tracking script once the visitor has consented to analytics cookies where your legal advice says consent is required.

In any case, state in your privacy policy that you use Google Analytics to track activity on your website, what it collects and how to opt out. The same applies to Google Tag Manager and to any other third-party tags you load through it.

In both cases, remember that you are the data controller and Google acts as your data processor: you need a data processing agreement with Google (Google offers one through the Analytics admin console), and whoever in your organisation has access to this data must understand their responsibilities.

5 – GDPR changes will affect your business not just your website

The fact of the matter is that the changes introduced by the GDPR affect your business as a whole, not just your website. Make sure you tackle a few key points before May's deadline:

  • What personal data do you store, where, and do you understand on what basis you may process it?
  • Was the data obtained under clear consent, or under another valid legal basis?
  • Have you clearly defined for how long you retain personal data, and do you actually delete it afterwards?
  • Is the data stored securely? This covers the technology used as well as the people responsible for handling it, and what you would do if it were breached (the GDPR requires notifying the supervisory authority within 72 hours of becoming aware of a breach).

The GDPR applies from 25 May 2018. If you own a business, make sure you have taken the necessary steps towards compliance before then.

Sources: The Hallam Blog, GDPR Legislation, Google Compliance
