Make Your Website GDPR Compliant Today
The implementation of the new GDPR has been heralded for quite some time now. While many companies in the EU diligently contracted compliance professionals, others struggled to understand every aspect of the new regulation and make their company GDPR compliant with existing staff.
The GDPR, implemented on the 25th of May, 2018 is now active and companies who have yet to oblige by its rules must start right away. As with any new law, the GDPR is an exhaustive and often confusing piece of legislation. In this post, we break it down for you.
Needless to say, being GDPR compliant saves you from severe fines. To avoid suffering the same fate as Facebook and Google, who faced fines of over 9 billion for breaching the law, it is high time to give your website and subsequent online activities a makeover.
One of the main aims of this data protection law is to give users control over how their private data is handled by companies. Keeping this in mind, let’s explore 10 ways you can make every aspect of your company’s website GDPR compliant.
Revamp Forms
Under the new regulations, every company must redesign their forms if the default option under contact preferences is ticked Yes. In the pre-GDPR era, many companies got away with sneakily tricking customers into giving them the permission to send promotional content or use their contact information for marketing purposes.
All that changes now. Work with your web development team to redesign any existing form on your website, whether it’s for a newsletter subscription or job application and remove the default option. Customers must opt-in themselves in they wish to be contacted.
Unbundled Opt-In
In your forms, consent should be asked separately for accepting the T&Cs and any other consent for the use of customer’s private data. This means every consent option should be laid out clearly and separately with the tick boxes to accept or reject permission.
For example, while a customer may agree will your company’s T&Cs, they may not want to hear about new offers and discount deals. Therefore, permission should be sought out separately for every reason you may want to contact them for.
Granular Opt-In
Taking the previous rule a step further, here you should ensure that you distinguish between the different modes of communication and ask for permission separately for each one, i.e. when you ask customers, ‘How would you like to be contacted?’ You must provide tick boxes next to all options such as: Telephone, Post and Email. This is done to give customers full control over how their data is used to contact them.
Easy Opt-Out Option
It’s only fair that opting out should be as easy as opting in. In addition to placing an opt-out icon below all your communications, it is important to give customers the freedom to modify their contact preferences within a few clicks.
Not only does this reduce the loss of a customer’s contact permission privileges for you, it also makes them happy to know they have control over what sort of email, text messages or mails they receive from you.
Name Third Parties
It’s common knowledge that if you wish to share your customer’s contact details with other companies, you have to seek permission.
However, under the new law, you can’t stop at that. Reveal the third-party names that you wish to share the data with. Many companies in the UK have multiple divisions, such as John Lewis/John Lewis Financial, etc. It is important to name them and seek permission for each separately.
Privacy Policy and T&Cs
You will have to modify the privacy policy and terms and conditions on your website to reflect the new regulations in GDPR terminology. In these documents, make it clear how you intend to use this data, and for how long.
Additionally, you must explicitly explain your reasons for collecting data and how you track user interactions, including any applications you may use.
Online Payments
If you accept online payments, it is likely that you store personal information before it reaches the payment gateway.
Under the new law, you must remove any personal information after a reasonable time period.
GDPR doesn’t state a specific time, but 60 days is a reasonable time to hold on to the information before erasing it from your system.
Third-Party Tracking Application
Suppliers of cookie tracking software such as CANDDI and Lead Forensics, track customer behavior every time they visit a website.
However, it is not very clear how they track website users and how it affects them. Providers of these tools must elicit they are GDPR compliant and explain how their tracking software work.
As a business owner, it should be a priority for you to assess compliance risks associated with using these third party tracking software and review your contract to ensure their policies are GDPR compliant.
Google Analytics
If you use Google Analytics to track website users, you may be interested in finding out how Google has updated their policies to become GDPR compliant. As they provide ‘anonymous tracking’, personal data is not stored and GDPR doesn’t have much of an effect on the way they operate.
Redesigning Your Website
In addition to rewriting your privacy policy, T&Cs and consent forms, take the new regulation as an opportunity to redesign other aspects of your website and operations. Learn more about the best practices on storing customer data, formulating an email campaign to ask for new consent and reassess the safety of your data storing software.
While at first glance, GDPR may seem like an additional load on your existing legal arrangements, it is actually in fact a win-win situation for companies and customers.
Customers appreciate transparency and control over their private information. By entrusting you with their details, it becomes your responsibility to use that information carefully and improve your business data. Use this legislation as a way to connect and engage openly and truthfully with your customers.
Need Professional Help?
Search Berg is an award-winning company specializing in website design and development.
Our diverse and professional services have been used by hundreds of clients, operating in different parts of the world such as Europe, Asia and North America and the Middle East.
Contact us and let our team of brilliant team of website developers making the challenging demands of GDPR easy for your company.
