Everything around data protection is changing on May 25th 2018. There are lots of considerations that you need to think about as a business; however, we will focus on your website and the changes you need to implement there. Predominantly, websites are used to capture data around an enquiry for a product or service. Contact and enquiry forms generally capture information that enables you to call or email a customer with information. It’s the first step in engagement.
What’s key is that customers understand that this is the only thing that their data will be used for. You want your customers to feel they are completing the forms knowing that their data will be used only for what they intend, and you won’t pass this on or use it to market 3rd party services or products.
So what are the key rules to follow on your website?
- Tick it!!! – It used to be common to pre-tick consent boxes for customers to de-select. Now it’s clear that this is unacceptable.
- Don’t hide it!! – You can’t just hide the GDPR info inside your T’s and C’s. Make it obvious to people. Privacy notices are key here.
- There is no Blanket Consent – If you are asking permission to contact the customer directly and also to pass their details on to a sister company, make this clear with 2 boxes. Don’t mix up the 2 and muddy the understanding.
- Make sure people can change their mind – If someone has opted in, make sure they can easily opt back out. Withdrawing consent needs to be easy to find and carry out. Don’t just rely on the unsubscribe on the actual mailer.
- If you are asking the customer if you can share, tell them who with – If you have partners or sister companies that data may have been shared with in the past, you will need to tell the customer who these companies are, so they can choose whether you can pass that information on. For example, if you are buying insurance, the insurance firm must ask permission to pass customer details to a recommended vehicle recovery company. You should also mention if those partners or sister companies are based outside of the EU.
- GDPR and the terminology around it need explaining – Make sure you set up a paragraph or 2 explaining the GDPR terminology and go into detail as to who the data controller is, what information you hold, what you do with the data, how you hold it and for how long.
- E-commerce – If you offer e-commerce you will no doubt capture data in addition to the data captured in the payment tool. You need to tell people that you will hold this for a given period. (Legislation doesn’t stipulate a timescale, so you need to determine a reasonable time frame. Obviously, if they tick to say you can send them info then that’s OK.)
- 3rd party tracking tools – If you use 3rd party tracking like Lead Forensics or similar tools, you need to ensure they are compliant. Google Analytics is fine; just make sure you know what you have and that they comply.
So what does the site need to make it compliant with GDPR?
- We can review your site in accordance with the above guidance.
- We can then make suggestions as to the changes required to make it compliant.
- We would then apply the changes to the relevant parts of your site, creating a compliant environment.
Will there be a cost?
We will probably need to apply some technical changes to the site, which will have a small cost associated. With most website formats there will be a simple and an advanced way to carry out the changes, so we can outline the options and you can then decide how you would like to proceed.
What do we need to do now?
Give us a call on 01622 755 855 and we can set up a site review, then outline recommendations on the changes needed.