The new General Data Protection Regulations (GDPR) come into force on May 25th, 2018. These new regulations strengthen the rules on personal privacy and have important implications for businesses large and small. The new regulations also come with teeth, with non-compliance attracting fines of up €20M or 4% of global turnover.

The UK authority responsible for upholding the new regulations is the Information Commissioners Office (ICO), who have an excellent Guide to GDPR for businesses and organisations on their website.

GDPR requires businesses to review all their procedures and policies around individual data privacy. GDPR will impact many areas of marketing including your website, email marketing and how you manage personal information internally, on your CRM system for example.

GDPR and your website

Given that your website is a live, publicly available part of your marketing, getting it ready for the May 25th deadline is important. So here are a few aspects to consider:

1. Update your privacy policy
Being transparent about the personal information you collect and how you use and share it is a key part of GDPR. You will need to update your privacy policy to communicate what you are doing in simple, clear language. The main points you need to cover are:

  • What information is being collected?
  • Who is collecting it?
  • How is it collected?
  • Why is it being collected?
  • How will it be used?
  • Who will it be shared with?
  • What will be the effect of this on the individuals concerned?
  • Is the intended use likely to cause individuals to object or complain?

For more information please see the privacy notice section of the ICO Guide to GDPR.

2. Update your consent
Whenever you are taking personal data you need to make sure you are gaining proper consent. For simple enquiry forms, it’s helpful to include a simple consent statement at the bottom of the form, for example:

“We take your privacy seriously & never share your personal information with any third parties. Find out more in our Privacy Policy.”

If you are planning to send email or SMS marketing then you need to be transparent about your intentions and ensure that you gain freely given, informed, specific and unambiguous consent, for example:

“Would you like to receive free news & insights from us every month by email?
Please note, we take your privacy seriously & never share your personal information with any third parties. You can unsubscribe at any time. Find out more in our Privacy Policy.

3. Integrate an SSL certificate
As part of GDPR you need to keep all personal data secure, which includes ensuring the information being transferred from your web user’s browser and your website server is unreadable if intercepted, for which you need an SSL certificate (secure sockets layer). There are a couple of other great reasons to have an SSL:

  • Google Chrome and other browsers are now displaying ‘insecure site’ warnings for sites without SSL
  • Google gives sites with SSL a positive ranking signal to boost search rankings

4. Don’t forget analytics
Personal information is any data which can be used to identify an individual, which includes their computer IP address. If you are using Google analytics you are gathering IP addresses, so remember to consider analytics in your privacy policy.

Written by Richard Jaggs

Richard Jaggs