GDPR has made big waves in the world of data protection this year. Have you made sure your website is GDPR compliant? Here are some changes that you should have had in place by May this year. If they are not, you’ll want to deal with them quickly to keep your customers happy and stay on the right side of the law:
- Active Opt-In Forms
Any forms on your website that ask users to subscribe to a newsletter or specify contact preferences must be blank or set to default to ‘no’. A customer must now actively opt-in and you’ll need to check any forms on your site comply with this directive. For help with your website needs, contact respected web designers in Reading.
- Separate Opt-In Option
The active opt-in you need from visitors to your site must be set out separately from any terms and conditions consent or the collection of data for any other purposes. The opt-in for communication and newsletters must be unbundled from other consent requests.
- Easy Withdrawal
It must now be just as straightforward for a customer to withdraw their consent as it is to give it. This right to withdraw must also be made clear to the customer. For a user of your site, this could mean that unsubscribing involves selectively removing consent to specific forms of communication and not others, reducing the frequency of those communications or removing themselves completely from the mailing list.
- Named Third Parties
After GDPR, your web forms need to identify each third party for which you are seeking consent. Each organisation must now be named. However, this remains an opt-out system as opposed to an opt-in.
- Privacy and T&Cs
You can use the sample privacy notice available on the Information Commissioner’s Office website, which is clear and accessible. Terms and conditions also need to be updated on your site to reference the new GDPR terminology. You need to clearly state what you will do with information gathered from your website and other systems of your business. You must also state how long you will hold that information. An explanation of how and why you are collecting that data must be supplied, as must an explanation of any tracking of user interaction.
- Online Payments
If you’ve been operating as an e-commerce company, then you’ll most probably have been using a payment gateway for all financial transactions. This could mean that your website is collecting data before sending it on to the gateway. If this is occurring, you will now need to modify your processes to ensure that any personal information is removed after a reasonable length of time. The GDPR does not specify an actual length of time; it is left to your judgement to choose a period you can defend as being reasonable and required.