Getting ready for GDPR

GDPR Compliance

The General Data Protection Regulation is an EU-wide regulation which will become effective in the UK on 25 May 2018. It replaces the existing data protection law (the Data Protection Act 1998) and gives individuals more rights and protection in how their personal data is used.

GDPR Compliance and your website:
Under GDPR, simply saying “click here to read our privacy policy” is no longer enough. Your business will need to explain clearly why you are collecting personal data and how you intend to use it. If you intend to make any data available to third-party providers (such as Google Analytics or SEO companies), you need to get explicit consent for that. For consent to be valid, it will need to be freely given, specific, informed and unambiguous, indicated through a statement or a clear action such as actively ticking a box.

Your website and GDPR compliance…

  • Review your website and current strategy (i.e. opt-in vs opt-out) and identify what changes will need to be implemented.
  • Update your privacy notice to explain clearly what information you collect and how you use it.
  • Update associated policies, if applicable (e.g. a data retention policy).
  • Review the data capture functionality, databases, systems, and resources that you have so that you can keep all personal data safe and manage communication preferences.
  • User Account Functionality – i.e. review the user's ability to update their own consent/communication preferences on your website.

Update for 2021: WordPress GDPR compliance guide for 2021

Sue Hallam at Hallam Internet writes a useful blog about GDPR compliance and websites:

This guide may help you:

Red 2 Design offers information as a resource, but we don’t offer legal advice. We recommend you contact your own legal advisors to find out how GDPR affects you.

