The introduction of the General Data Protection Regulation (GDPR) will see a series of changes to the way that data is captured, used and managed for everyone within the EU. Its purpose is to give everyone better control of the data that can be captured and used about them.
This means that any person your business holds information on has the right to request you erase their data, and you must do it.
Under GDPR, the concept of consent being given freely, specific and informed is being strengthened with new rules, which means businesses need to provide more transparency, especially when it comes to their website.
To ensure that your website is compliant with the requirements of GDPR before it comes into effect in May, we’ve listed the five changes you should make now to stay on the right side of compliance and keep your customers happy.
Inform your audience
A good place to start is by creating or updating your privacy statement to explain what personal data you collect and what it is used for in a brief and readable way – so users can understand.
Check online payments
Most ecommerce businesses use a payment gateway for transactions, collecting personal data before passing the details on to the payment gateway.
Once GDPR comes into effect, you will need to alter your web processes to get rid of any personal information after a short period. The GDPR legislation is not explicit about the number of days; it will be down to your own judgement as to what can be defended as reasonable and necessary.
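One way to implement that retention rule, as an added example that is not part of the original article: a scheduled job walks the stored checkout records and strips the personal fields from any record older than the retention window, while keeping the non-personal accounting fields (order id, total, capture time). The record shape, the field names and the 30-day window used in the sample run are assumptions for illustration; the article itself sets no number of days.

```javascript
// Added example (not from the original article): scrub personal data from
// checkout records once a retention window has elapsed. Field names, record
// shape and the retention period are assumptions for illustration.

// Fields treated as personal data and removed after the retention window.
const PERSONAL_FIELDS = ["name", "email", "phone", "billingAddress", "ipAddress"];

// Constructed sample checkout records (not real data).
const sampleCheckouts = [
  { orderId: "A1", capturedAt: "2018-01-02T10:00:00Z", total: 49.99,
    name: "Alice Example", email: "alice@example.com", phone: "+44 7000 000000",
    billingAddress: "1 Test St", ipAddress: "203.0.113.5" },
  { orderId: "A2", capturedAt: "2018-02-20T10:00:00Z", total: 12.5,
    name: "Bob Example", email: "bob@example.com", phone: "+44 7000 000001",
    billingAddress: "2 Test St", ipAddress: "203.0.113.6" },
];

// True when the record was captured more than retentionDays before `now`.
function isExpired(record, now, retentionDays) {
  const ageMs = now.getTime() - new Date(record.capturedAt).getTime();
  return ageMs > retentionDays * 24 * 60 * 60 * 1000;
}

// Returns a new array in which expired records have their personal fields
// removed and a scrubbedAt timestamp added; unexpired records are returned
// unchanged. Also returns the purged order ids so the job can log what it did.
function scrubExpiredCheckouts(records, now, retentionDays) {
  const purged = [];
  const result = records.map((rec) => {
    if (!isExpired(rec, now, retentionDays)) return rec;
    const copy = { ...rec };
    for (const field of PERSONAL_FIELDS) delete copy[field];
    copy.scrubbedAt = now.toISOString();
    purged.push(rec.orderId);
    return copy;
  });
  return { records: result, purged };
}

// Example run with the constructed data and a 30-day window.
const run = scrubExpiredCheckouts(sampleCheckouts, new Date("2018-02-25T00:00:00Z"), 30);
console.log("purged:", run.purged.join(", "));
```

The job keeps the order total and capture time so that accounting records remain intact; only the fields that identify the customer are dropped, and the `scrubbedAt` stamp gives you evidence of when the purge ran if a customer or regulator asks.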
Make it easy to withdraw permission
Users must be able to unsubscribe from a stream of communications just as easily as they gave their consent in the first place. Ensuring that this withdrawal process is easy is a major part of the new legislation.
Clue-up on consent - opt-in and opt-out
For consent to be valid, it will need to be freely given through a statement or clear affirmative action, such as actively ticking a box. You will need to make sure that your website acquires consent in this way, and there are two types to look out for:
Unbundled Consent: When someone is signing up to something, many businesses have a solitary terms and conditions tick box which covers all areas. However, GDPR changes will require there to be a separate tick box from the T&Cs which focusses solely on asking for consent, and one which isn’t a precondition of signing up to a service, unless it absolutely must be.
Granular Consent: Granular consent provides users with the option to consent to each contact method separately, for example letting them choose between text, email, letter and phone.
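The three rules above (unbundled consent, granular per-channel consent, and withdrawal being as easy as giving consent) come together in how the sign-up handler builds and updates a consent record. The following is an added example, not code from the original article: it never infers marketing consent from the terms-and-conditions box, records each channel separately with a timestamp and source, and withdraws a single channel in one call. The field names, the channel list and the record shape are assumptions for illustration.

```javascript
// Added example (not from the original article): building and updating a
// consent record from a sign-up form. Field names, channels and the record
// shape are assumptions for illustration.

const CHANNELS = ["email", "text", "letter", "phone"];

// Constructed sample form submissions (not real data).
const submissions = {
  // A lone T&C box: the account is created, but no marketing consent exists.
  termsOnly: { acceptTerms: true },
  // Separate marketing boxes, ticked for two channels only.
  granular: { acceptTerms: true, marketing: { email: true, text: true } },
  // T&C not accepted: sign-up is refused regardless of marketing boxes.
  noTerms: { acceptTerms: false, marketing: { email: true } },
};

// Builds a consent record. Terms acceptance is required to create the
// account; marketing consent is not a precondition and is recorded per
// channel only when that channel's box was explicitly ticked (true).
function buildConsentRecord(form, now, source) {
  if (form.acceptTerms !== true) {
    return { ok: false, error: "terms must be accepted to create the account" };
  }
  const marketing = {};
  for (const channel of CHANNELS) {
    const ticked = form.marketing && form.marketing[channel] === true;
    // T&C acceptance never implies marketing consent.
    marketing[channel] = ticked ? { given: now.toISOString(), source } : null;
  }
  return { ok: true, record: { termsAcceptedAt: now.toISOString(), marketing } };
}

// Withdraws consent for one channel in a single step, keeping the original
// grant with a withdrawal timestamp so the history stays auditable.
function withdrawConsent(record, channel, now) {
  const current = record.marketing[channel];
  if (current === undefined) throw new Error(`unknown channel: ${channel}`);
  const updated = current ? { ...current, withdrawn: now.toISOString() } : null;
  return { ...record, marketing: { ...record.marketing, [channel]: updated } };
}

// A channel may be used only if consent was given and not later withdrawn.
function canContact(record, channel) {
  const consent = record.marketing[channel];
  return Boolean(consent && !consent.withdrawn);
}

// Example run with the constructed submissions.
const signup = buildConsentRecord(submissions.granular, new Date("2018-05-25T09:00:00Z"), "signup-form");
const afterOptOut = withdrawConsent(signup.record, "email", new Date("2018-06-01T00:00:00Z"));
console.log("email allowed after opt-out:", canContact(afterOptOut, "email"));
console.log("text allowed after opt-out:", canContact(afterOptOut, "text"));
```

Because each channel is stored with its own timestamp and source, you can later show when and where a user consented to email but not to phone, and the unsubscribe link for one channel only needs to call `withdrawConsent` for that channel.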
State who you share information with
Finally, if you share customer data with other organisations, under GDPR you must make users aware of whom you share their data with, and why.
The maximum sanction for non-compliance with GDPR is €20m (£17.5m) or up to four per cent of your annual worldwide turnover (based on figures from the preceding fiscal year), whichever is greater. So, it would be foolish to not take the correct steps to ensure you’re meeting the requirements.
How we can help…
If you need any extra information or help getting equipped for GDPR, get in touch with us today. As experts in website design and digital marketing, we will ensure that your website not only delivers sales, but looks great and is compliant with all the relevant legislation.