Is your website GDPR friendly?
How to get your website up to standard
With the GDPR deadline already gone, people are thinking less and less about the legislation. What I want to discuss with you are some of the basic rules that most websites need to follow to align with GDPR, as well as some easy ways to make your website GDPR friendly if it is not already.
GDPR requires that you have considered the following:
- Cookie and privacy pop up
- SSL certificate
- Newsletter sign up opt in
- Enquiry and contact forms
Cookie and privacy pop up
GDPR means that you can never assume that anyone has agreed to you collecting or storing their information. This is where a pop up comes in handy: it makes people aware that you are collecting information about them, and only by clicking to accept it do they consent to you gathering that information. Consent is therefore tied to an explicit action by the visitor, not to them simply arriving on the site.
Templates for the privacy policy behind this pop up can also be found online, but we would also advise you to have a professional look over all of your documents.
An SSL (Secure Sockets Layer) certificate enables the encryption layer on your hosting that protects traffic between the visitor's browser and your site. This certificate adds a green padlock and the word "Secure" next to the URL. If your site doesn't have this certificate, then the browser will show "Not secure" instead.
If your website doesn't have this certificate, then you can buy one. Alternatively, you can take advantage of our website hosting, which includes an SSL certificate for free.
If your company produces a newsletter, you want as many people to see it as possible. However, you can't just email anyone, even if they have already given you their email address. GDPR means that they must have expressly consented to receiving your newsletter. This can be in the form of a tick box at the bottom of a form, but the box's default must be unticked, so that the user actively opts in to your newsletter: consent cannot be assumed. Services like Mailchimp make it easy to be GDPR compliant when sending a newsletter and offer double opt-in, where the subscriber confirms the sign up from their own inbox.
If your website has a contact or enquiry form, then it must have the following in place to ensure that the data you are collecting is secure.
- An SSL certificate.
- The SQL database that stores submissions must be encrypted. If your database is not encrypted, then the data must be stored in another location.
- Printed emails must be destroyed securely, which normally means shredding. Printing emails creates an easy route to a data breach and should be avoided where possible.
- Any consent tick box must be unticked by default.
- Your email provider must also comply with GDPR: all emails that are sent and stored must adhere to the legislation, and many email providers publish privacy policies that confirm this. Email is one of the more common places where private data gets misplaced, misused or abused.
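The rule running through the pop up, the newsletter sign up and the contact form is the same: consent is never assumed, and an absent or unticked box means "no". The following is an added example (not Brink Media's code, and not tied to any particular consent product) of the logic behind that rule: a stored consent record that fails closed when it is missing or malformed, analytics scripts that load only after an explicit accept, and a form check that treats a missing opt-in field as no consent. The storage key, script URLs and field names are assumptions chosen for the example; in a real site the functions would be wired to the banner's buttons and to the server-side form handler.

```javascript
// Added example: consent handling that never assumes consent.
// Names below (storage key, script URLs, field names) are assumptions for the example.
const CONSENT_STORAGE_KEY = "site_consent";           // assumed localStorage/cookie key
const ESSENTIAL_SCRIPTS = ["/js/site.js"];            // always allowed (no tracking)
const ANALYTICS_SCRIPTS = ["/js/analytics-loader.js"]; // non-essential, needs opt-in

// The starting state is "no decision yet", which is treated exactly like "no".
function defaultConsent() {
  return { analytics: false, decided: false };
}

// Parse a stored consent record. Anything missing, malformed, or not an
// explicit boolean true falls back to "no consent", never to "yes".
function parseConsent(raw) {
  if (typeof raw !== "string" || raw.length === 0) return defaultConsent();
  try {
    const obj = JSON.parse(raw);
    if (obj === null || typeof obj !== "object") return defaultConsent();
    return { analytics: obj.analytics === true, decided: obj.decided === true };
  } catch (_err) {
    return defaultConsent();
  }
}

// The pop up stays visible until the visitor has made an explicit decision.
function needsBanner(consent) {
  return !consent.decided;
}

// Non-essential scripts (and their cookies) are allowed only after an explicit accept.
function mayLoadAnalytics(consent) {
  return consent.decided && consent.analytics;
}

// Which scripts the page may load for this visitor.
function scriptsToLoad(consent) {
  return mayLoadAnalytics(consent)
    ? ESSENTIAL_SCRIPTS.concat(ANALYTICS_SCRIPTS)
    : ESSENTIAL_SCRIPTS.slice();
}

// Called from the banner's accept/reject button; returns the record to store
// under CONSENT_STORAGE_KEY. Only a literal click on "accept" yields analytics: true.
function recordDecision(acceptedAnalytics) {
  return { analytics: acceptedAnalytics === true, decided: true };
}

// Server-side check of a sign up or enquiry form. A checkbox that is left
// unticked is simply absent from the submitted fields, so "undefined" means
// no consent. Only the literal "on" (what a ticked checkbox submits by default)
// counts, so a pre-filled or spoofed value like "true" is not accepted either.
function validateSignup(fields) {
  const errors = [];
  const email = typeof fields.email === "string" ? fields.email.trim() : "";
  if (!/^[^@\s]+@[^@\s]+\.[^@\s]+$/.test(email)) errors.push("email");
  if (fields.newsletter_optin !== "on") errors.push("newsletter_optin");
  return { ok: errors.length === 0, errors: errors };
}
```

In the browser, `parseConsent` would be fed `localStorage.getItem(CONSENT_STORAGE_KEY)` on page load, `needsBanner` decides whether to render the pop up, and `scriptsToLoad` decides which script tags to inject; the same `validateSignup` check belongs on the server, since anything the browser enforces can be bypassed.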
There are many ways that GDPR affects websites, and these are just some of the basic rules that websites need to follow. GDPR applies wherever a website collects data, which includes some collection methods we haven't covered. An e-commerce website is an example: this type of site collects far more data than an email address or cookies, so that data collection also needs to be considered in regard to the GDPR legislation.
This article was prepared by Brink Media as guidance only. Neither Brink Media nor the author accepts any responsibility or liability that might occur directly or indirectly as a consequence of the use, application or reliance on this material.