Is your website compliant with the requirements of GDPR, due to come into effect later this month? This 7-step checklist should help your website stay on the right side of the law, and keep your customers happy.
First things first: the General Data Protection Regulation (GDPR) comes into effect on 25th May. The legislation applies not just to EU businesses but everyone who serves their website to EU members, including the UK.
If you fail to comply with the legislation, you could be faced with a hefty fine of up to 4% of your turnover (up to a maximum of 20 million euros).
The GDPR has been written to protect EU citizens from privacy and data breaches. The legislation specifies what personal data is and what can be done with it, as well as defining the role and responsibilities of the business that possesses this data.
Here’s how to get your website GDPR ready in just seven simple steps!
1. Update Your Cookie and Opt-in Notification
Further, if you’ve got any forms on your website, you cannot have any pre-ticked boxes. The person on your website who submits the form has to opt in to your policy and tick the boxes themselves.
4. Enable an SSL
Secure Sockets Layer (SSL) is essentially what puts the green padlock at the top of your browser.
If someone visiting your website is using Firefox and you don’t have SSL enabled, Firefox will warn the user that your website is not secure.
SSL certificates are good practice, as they help with your organic ranking. They also secure and encrypt the data that goes from your website to the end user’s computer and back again. Even if you don’t take payments through your website, it’s still best practice to have an SSL certificate.
5. Check Your Email Provider has a GDPR Policy
If you have an inquiry or contact form on your website, you must make sure your email provider has a GDPR policy in place.
So if you use Gmail, Outlook 365, or another provider, you’ve got to make sure they’re covering you.
If you print out your inquiries and leads, then you need to make sure you dispose of the data as quickly as possible. You cannot store it on file without consent and you must never simply chuck it in a bin. Instead, you must shred the information and dispose of it correctly.
6. Ensure Your Payment Gateway has a GDPR Policy
7. Make Sure Your Web Chat has a GDPR Policy
In recent years there’s been a big adoption of chat systems.
One issue for data protection is that they often store data to pre-populate the required fields (e.g. name, email address).
So, if you have a web chat on your website, you must ensure your chat provider has coverage of GDPR in their policy, and in your policy, you must reference it too.
There you have it, seven simple steps to get your website GDPR ready!