First things first, GDPR stands for 'General Data Protection Regulation'. You need to take measures to ensure you are compliant before 25 May 2018. If you are already compliant with DPA regulations, you are already three-quarters of the way to being compliant with GDPR.
We want to keep things as simple as possible for our clients, so here are the key things you need to be aware of and ensure you are considering when it comes to data!
Web Forms
All forms on your website must clearly state what any submitted data will be used for. You must ensure that contact forms include a link to your privacy policy / terms & conditions. Unless a form specifically states its intention to sign up to a mailing list, you cannot subscribe the user to any list.
All checkboxes/buttons to opt-in to a mailing list or other must be un-checked or off and must be clicked on to opt-in.
Mailing Lists
You may only use a mailing list for the specific purpose that customers have signed up to. For example, you cannot use a newsletter mailing list to send an advert on product sales, without first directly asking the customer if they would like to hear about products and promotions.
If you already have a newsletter mailing list, as many of our clients do, you can arrange to send an email out to your list, linking them to form asking them if they would like to sign up to your new product promotions mailing list.
If you are unsure, then check out the new processing data regulations for yourself.
Double Opt-in
The use of double opt-in is a simple concept. If you have double opt-in turned on, and add a customer to a mailing list, they must then receive an email asking them to click and confirm.
If you choose to enable double opt-in, then your customers will be asked to confirm their subscription before they receive any further automated mail. This is to prevent one party signing up someone else to all the online mailing lists, and being sent hundreds of emails without their consent.
Although double opt-in is not an explicit requirement of GDPR, we highly recommend having it set up.
Privacy Policy
While being transparent with your intentions on your forms is one step, another is to update your privacy policy. We recommend that your privacy policy fully explains which types of data you collect and store from your customers or users of the website.
The above also applies to Terms & Conditions, for any e-commerce websites.
Responsibility & Accountability
It is the responsibility and liability of the data controller to implement effective measures and be able to demonstrate the compliance of processing activities even if the processing is carried out by a data processor on behalf of the controller.
You the website/business owner, are the data controller and need to be aware of this.
Failure to comply may result in administrative fines, for further information: Article 83(5).
Audits
We are currently setting up a GDPR Website Audit service for our clients, get in touch with us to enquire about this. We will release more details to our clients via email shortly.
