General Data Protection Regulation (GDPR) is coming.

Like it or not, every business that deals with data will have to conform to the new data protection rules coming into force on 25th May 2018, or face very heavy fines. There are many aspects to getting your business ready for the changes, but have you considered your website in all of them?

Here are a few things to look out for on your website:

SSL certificates

Having an SSL security certificate on your site is vital. Not only does it encrypt any data that passes between a visitor's browser and your web server, it also reassures your customers, through the green padlock at the top of the browser, that you are taking security and their data seriously.

For many years it's been highly recommended, but now Google is actively promoting sites with an SSL certificate, so there are added bonuses to having one.

Any site that takes personal data, whether that be a contact form or an eCommerce store, must have SSL encryption.

Customer consent

When a website requires customer data, it should be made clear what that data will be used for. Signing up for a newsletter or agreeing to create a user account on the website are just two examples, but with the wide variety of sites out there it could be anything.

Pre-filling a check box saying that the user agrees is not good enough. A user must explicitly opt in to any use of their data. As a company, if you are found to be using data in ways other than described, you will face heavy financial fines.

Similarly, if the way you use customer data changes, you need to inform customers in advance and give them the chance to opt out of having their personal details used in that way.

Access to data

The new GDPR rules require that everyone has unrestricted, easy access to their data. This means that you need to be able to access and provide all of the information you currently hold about an individual.

They will be able to review what information you hold about them and also request that you remove the information, the so-called ‘right to be forgotten’.

Under the old laws you were able to charge a fee of up to £10 to process any request, but this has been removed under the new law. You must also comply with the request within one month of receiving it.

If your website or CRM is not GDPR ready then you don’t have long to get it sorted. If you are unsure whether you are compliant, or need help getting the required steps in place, then get in touch with us today.

Published: 16th Jan 2018
