What is this GDPR all about?

GDPR (General Data Protection Regulation) is an EU regulation (yes, it will still affect the UK when we leave the EU). It’s all about protecting the data you receive or store, and this includes websites, internal databases, CRMs and emails.

If you have the time to read the full GDPR document, here it is. It’s not as exciting as reading a Harry Potter novel, and certainly won’t start a movie franchise, but it is important.

One regulation for all

The rules apply across all of the EU member states, with each one designating a Supervisory Authority (SA) to check that everyone is complying.

A big part of the rules is transparency: letting people know what their data is being used for, how long it will be kept, and who will use it.

Most of our clients will just have a simple contact form on their website. Nine times out of ten that email will also be saved in a database sitting behind your website.

You simply need to let users know whether the information is used for any purpose other than communication between you and them.

Deleting the data when it’s no longer needed is good practice too. At the end of the day you will have received their email, so why store a copy in a database as well?

If you want to use the information for your own marketing (sending marketing emails, postal mailers or anything else), you need to get their permission first. Give them the choice to opt in to or out of mailing lists. Also make sure you keep a record to prove you have their permission.

Make it plain and simple for them to remove themselves from the mailing list if they choose to do so. Hopefully they will want to continue receiving your wonderful, informative, and interesting marketing material.

Respect your customers

Your customers have the right to erase their data. If an individual or company asks you to remove their data from your systems, you have to remove it, including backups.

Privacy is part of a good website

As we all know, the privacy settings on some social media sites have recently been questionable, with you, the user, having to go into the settings and turn your privacy up, instead of the friendlier way of defaulting to private and giving you the option to downgrade.

You may have seen in the past the little checkbox on a website form (nicely already checked for you) saying “subscribe to our mailing list”, instead of leaving it unchecked for you to opt in. A sneaky trick, perhaps, to send you information.

Today I came across a blog piece offering a free download of a GDPR compliance document from a training organisation. I filled in my information and decided not to click the button to opt into the company’s mailing list.

Only to find, when I pressed submit, that I had to opt in to their mailing list to receive the document. Not even a privacy policy to be found on the site. Ironic.

But we are leaving the EU, so why bother?

The lovely people in government have decided on our behalf that EU law is being written into ours. If you trade online with the EU, you would have to comply anyway.

So, what if I don’t bother about it?

Non-compliance with the GDPR can be fined up to 20,000,000 euros or up to 4% of your annual worldwide turnover. I don’t have the information on fines for non-compliance for sole traders, but I don’t think Handy Andy has that sort of cash flow.

Third party processors

You may use Mailchimp, Google etc., which handle your data for you. The GDPR calls these third party processors. Most of these are US based and are going through a similar process to the one we are going through in the EU, if they have not already.

So how do I make my website GDPR compliant?

Firstly, list all of your data processors including the third-party ones and ask yourself this:

  • What is each one used for?
  • Where is the data stored?
  • Do you need to keep the data?

Check the privacy policies of each third party processor and make sure they are GDPR compliant (US based ones should be Privacy Shield compliant). If they are not, contact them and find out when they plan to come into line with everyone else. If they are not becoming compliant, you need to find an alternative and ask for a copy of the data. You also need to ask them to delete the data and back-ups from their systems.

Privacy policy

Create a privacy policy page; it does not have to be complex. Simple, clear and straight to the point. It should inform people what data you are using and how you are using it.

Check for weak links

Other than the third party processors, are there any other parts of your website that need strengthening? Check that your email is encrypted (ask your email host), and that your website is secure (HTTPS).

If your form submissions are saved to a database, delete the information from it. You have the email, so it’s just sitting there taking up space anyway.
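To show what the points above look like in a form handler (forward the enquiry instead of keeping a database copy, treat the marketing opt-in as an unchecked-by-default explicit choice, keep a record that proves permission was given, and honour unsubscribe and erasure requests), here is an added example in Python. It is not code from this post or from any particular website platform; the field names (`email`, `message`, `marketing_opt_in`), the `form_version` label and the in-memory stores are assumptions standing in for a real form and database.

```python
"""Contact-form handling that follows the consent, record-keeping and
erasure points made in the post. Added example, not the post's own code.
Field names and the in-memory stores are assumptions."""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable

# A browser sends "on" for a ticked checkbox; a JSON client may send true.
# Anything else, including a missing field, means the person did NOT opt in.
AFFIRMATIVE_STRINGS = {"on", "true", "yes", "1"}

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def is_affirmative(value: object) -> bool:
    """Explicit opt-in only: silence, None or an unticked box is not consent."""
    if value is True:
        return True
    return isinstance(value, str) and value.strip().lower() in AFFIRMATIVE_STRINGS


@dataclass(frozen=True)
class ConsentRecord:
    """Proof of permission: who agreed to what, when (UTC), and which form wording."""
    email: str
    purpose: str
    consented_at: str
    form_version: str


class ContactHandler:
    def __init__(self, send_mail: Callable[[str, str], None],
                 form_version: str = "contact-v1") -> None:
        self.send_mail = send_mail            # forwards the enquiry to your inbox
        self.form_version = form_version      # the wording the visitor agreed to
        self.consent_log: list[ConsentRecord] = []   # stand-in for a consent table
        self.mailing_list: set[str] = set()          # stand-in for a subscriber table

    def handle_submission(self, form: dict) -> dict:
        email = str(form.get("email", "")).strip().lower()
        if not EMAIL_RE.match(email):
            raise ValueError("invalid email address")
        # Forward the message; no copy of it is kept here.
        self.send_mail(email, str(form.get("message", "")))
        opted_in = is_affirmative(form.get("marketing_opt_in"))
        if opted_in:
            self.consent_log.append(ConsentRecord(
                email=email,
                purpose="marketing emails",
                consented_at=datetime.now(timezone.utc).isoformat(),
                form_version=self.form_version,
            ))
            self.mailing_list.add(email)
        return {"forwarded": True, "subscribed": opted_in}

    def unsubscribe(self, email: str) -> bool:
        """Remove from the mailing list; returns True if they were on it."""
        email = email.strip().lower()
        was_subscribed = email in self.mailing_list
        self.mailing_list.discard(email)
        return was_subscribed

    def erase(self, email: str) -> dict:
        """Right to erasure: drop everything held about this address."""
        email = email.strip().lower()
        before = len(self.consent_log)
        self.consent_log = [r for r in self.consent_log if r.email != email]
        return {"consent_records_removed": before - len(self.consent_log),
                "removed_from_mailing_list": self.unsubscribe(email)}


if __name__ == "__main__":
    handler = ContactHandler(lambda to, msg: print(f"forwarding enquiry from {to}"))
    # Constructed sample submissions: one with the box left unticked, one ticked.
    print(handler.handle_submission({"email": "a@example.com", "message": "Hello"}))
    print(handler.handle_submission({"email": "b@example.com", "message": "Hi",
                                     "marketing_opt_in": "on"}))
    print(handler.erase("b@example.com"))
```

In a real deployment the consent log and mailing list live in a database, and the erase step has to reach that database and its back-ups as well, as the post says; the consent record is what you would show a Supervisory Authority if asked to prove permission.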

I hope this helps you keep your website GDPR compliant. If you have any questions, please get in touch using our GDPR compliant contact form.

We won’t add you to a mailing list, use your email to send you useless emails about Bitcoin or Viagra, nor will we sell your phone number to a ‘no win no fee’ call centre.