GDPR Compliance – Website Requirements
GDPR Compliance – We’ve all seen the GDPR privacy policy updates all over the Internet over the past few months: updated Terms & Conditions on websites, jobs websites, AdWords accounts, Facebook, Twitter, and requests to renew email subscriptions under updated terms. You’re probably thinking: what about my own website? Am I covered, and what must I do by law?
But first, if you are interested in our services at Digital Sales, check out this quick video:
Within this blog post, we will examine what you need to do if your website has Google Analytics code on it, contains a Contact Us or Sales form, has a comments or registration section, uses social media share buttons, runs an online shop, or offers an email subscription. But first, a quick overview of GDPR.
What is the GDPR Compliance – Overview
The General Data Protection Regulation (GDPR), makes law the fundamental right of every living person to control their personal information, and have it adequately protected by any group processing and holding it. And so, in order to continue trading with other countries in the European Economic Area, Irish companies need to comply with European standards on data protection.
It applies as law and is enforceable from the 23rd of May 2018, and is regulated by the Data Protection Commissioner (DPC). It applies to all organisations, whether commercial, voluntary or public service, that collect, store or process the personal data of European citizens. If you are a company outside the EU but trade within it, you must adhere to the GDPR.
If an organisation is in breach of GDPR, they can be fined 20 million euro or 4% of annual global turnover.
The overarching principles on the protection of personal data are:
- Data should be processed lawfully, fairly and transparently
- Data must be collected and processed for specific and legitimate reasons only
- Data must be limited to what is necessary for that purpose
- Data must be accurate and retained no longer than the purpose requires
- Data must be processed in a secure manner
The ‘controller’ must be able to demonstrate compliance with all of the principles above; this is known as the ‘accountability principle’.
Email Subscriptions, Mailing Lists and GDPR Compliance
You have probably received re-engagement emails lately from companies you are registered with. In theory you should also send this type of email to your current mailing list. You will most likely lose subscribers, but it should be done. The re-engagement email should cover these particular points:
- How you got their personal details
- Why you are contacting them
- What sort of content you will send them in the future if they opt in
- How they can update their communication preferences and opt out
GDPR Compliance and Email Marketing
Users must ‘opt in’, so you must get permission before sending email marketing. If a customer buys a product and you want to add them to your email marketing list, you must ask permission. Likewise, if a prospect completes a Quotation form, you can’t add that prospect to an email marketing list unless they have agreed to it. You must keep a record of when they gave permission, and you need to log exactly what they were shown when opting in.
Also…
- An opt out must be on all email marketing/subscription correspondence
- Forms must no longer include pre-ticked boxes, as this is considered implied consent and not freely given
- Any ‘Active Opt-in’ that defaults to ‘Yes’ must be changed to default to ‘No’, so the user must actively select it; better still, leave the choice entirely to the user
- Acceptance of Terms and Conditions must not be combined with consent to communications and to the use of data; they must be clearly separate
- Granular Opt In – users should be able to opt in and provide consent for different types of communications separately – for example: Post – Email – Text – Telephone
- Opting out must be as easy as opting in or changing the frequency of communication
- If your form is asking to provide your data to other third parties.
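The opt-in rules above and the requirement to keep a record of when consent was given and what the user was shown can be turned into a small consent ledger. The following is an added example, not code from the original post or from Digital Sales or iubenda; the form schema, the channel names and the ConsentLedger API are assumptions made for illustration. It checks a form definition for pre-ticked boxes, bundled T&C consent and missing granular channels, then records per-channel consent with a fingerprint of the exact notice text shown, supports withdrawal for some or all channels, and purges withdrawn records once the retention period has passed.

```python
"""Consent ledger and opt-in form checks.

Added example, not from the original post. Form schema, channel names and the
ledger API are assumptions for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import hashlib
from typing import List, Optional

# Granular channels named in the post: each one is a separate, unticked opt-in.
CHANNELS = ("post", "email", "text", "telephone")


def validate_form_spec(fields: List[dict]) -> List[str]:
    """Return the problems found in a (constructed) form definition.

    Each field is {"name": str, "kind": "consent" | "terms" | "bundled", "checked": bool};
    "bundled" means one box covers both T&C acceptance and marketing consent.
    """
    problems: List[str] = []
    for f in fields:
        if f.get("checked"):
            problems.append(f"'{f['name']}' is pre-ticked; consent must be actively given")
        if f["kind"] == "bundled":
            problems.append(f"'{f['name']}' bundles Terms & Conditions with consent; split them")
    if not any(f["kind"] == "terms" for f in fields):
        problems.append("no separate Terms & Conditions field")
    present = {f["name"] for f in fields if f["kind"] == "consent"}
    missing = [c for c in CHANNELS if c not in present]
    if missing:
        problems.append("consent is not granular; missing channels: " + ", ".join(missing))
    return problems


def notice_fingerprint(notice_text: str) -> str:
    """SHA-256 of the exact wording shown at opt-in, kept so it can be reproduced later."""
    return hashlib.sha256(notice_text.encode("utf-8")).hexdigest()


@dataclass
class ConsentRecord:
    subject: str          # in production an internal ID, not the e-mail address itself
    channel: str
    notice_hash: str      # what the user was shown when opting in
    source: str           # how the details were obtained, e.g. "quotation-form"
    given_at: datetime
    withdrawn_at: Optional[datetime] = None


class ConsentLedger:
    """Record of who consented to what, when, and what they saw (accountability principle)."""

    def __init__(self) -> None:
        self._records: List[ConsentRecord] = []

    def record_opt_in(self, subject: str, ticked: List[str], notice_text: str,
                      source: str, now: datetime) -> str:
        unknown = set(ticked) - set(CHANNELS)
        if unknown:
            raise ValueError(f"unknown channel(s): {sorted(unknown)}")
        fp = notice_fingerprint(notice_text)
        # Only boxes the user actually ticked produce a record; silence is not consent.
        for channel in ticked:
            self._records.append(ConsentRecord(subject, channel, fp, source, now))
        return fp

    def withdraw(self, subject: str, channels: Optional[List[str]], now: datetime) -> int:
        """Withdraw consent for the given channels (all if None) in a single call."""
        count = 0
        for r in self._records:
            if (r.subject == subject and r.withdrawn_at is None
                    and (channels is None or r.channel in channels)):
                r.withdrawn_at = now
                count += 1
        return count

    def may_contact(self, subject: str, channel: str) -> bool:
        return any(r.subject == subject and r.channel == channel and r.withdrawn_at is None
                   for r in self._records)

    def evidence(self, subject: str, channel: str) -> Optional[ConsentRecord]:
        """Latest record for a subject and channel: the proof of consent a regulator may ask for."""
        matches = [r for r in self._records if r.subject == subject and r.channel == channel]
        return max(matches, key=lambda r: r.given_at) if matches else None

    def purge_withdrawn(self, older_than: datetime) -> int:
        """Drop withdrawn records past the retention cut-off (kept no longer than needed)."""
        before = len(self._records)
        self._records = [r for r in self._records
                         if r.withdrawn_at is None or r.withdrawn_at >= older_than]
        return before - len(self._records)


def demo() -> dict:
    """Walk one subject through opt-in, partial opt-out and purge (constructed data)."""
    ledger = ConsentLedger()
    t0 = datetime(2018, 5, 25, tzinfo=timezone.utc)
    notice = "We will send our newsletter by the channels you tick. Unsubscribe at any time."
    out: dict = {"fingerprint": ledger.record_opt_in("subject-42", ["email", "text"],
                                                    notice, "quotation-form", t0)}
    out["email_before"] = ledger.may_contact("subject-42", "email")
    out["post_before"] = ledger.may_contact("subject-42", "post")
    out["withdrawn"] = ledger.withdraw("subject-42", ["email"], t0 + timedelta(days=1))
    out["email_after"] = ledger.may_contact("subject-42", "email")
    out["text_after"] = ledger.may_contact("subject-42", "text")
    out["purged"] = ledger.purge_withdrawn(t0 + timedelta(days=2))
    ev = ledger.evidence("subject-42", "text")
    out["evidence_hash"] = ev.notice_hash if ev else None
    try:
        ledger.record_opt_in("subject-42", ["fax"], notice, "quotation-form", t0)
        out["unknown_rejected"] = False
    except ValueError:
        out["unknown_rejected"] = True
    return out
```

Storing a hash of the notice rather than the text alone means the wording can be versioned separately and still proven to match the record; keeping a short-lived withdrawn record (rather than deleting it immediately) lets you show that an opt-out was honoured before the retention cut-off removes it.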
GDPR Compliance – Privacy Policy and Cookies
The use of cookies should also be outlined in your privacy policy, along with what the information collected will be used for.
Updating your Privacy Policy – you must make it transparent what you will do with the information once you’ve received it, and how long you will retain it, both on your website and in your office systems. You will also need to communicate how and why you are collecting data. Your privacy policy will need to detail the applications you are using to track user interaction.
Online Payments – most websites use an offsite payment gateway; however, your website will most likely still pick up certain user details. Your website is then storing personal details, so these need to be removed after a reasonable period of time. A couple of months should suffice, but no specific retention period has been enforced or recommended by the GDPR.
If you are using remarketing techniques, you must update your Privacy Policy to state that cookies are being used in this way.
So, how can you quickly become GDPR Compliant? An all-encompassing GDPR Solution from iubenda endorsed by Digital Sales
If you visit our website at www.DigitalSales.ie – you will notice the standard Cookies Policy at the bottom of the page, a pop up you see on most respected websites and links to our Cookie Policy page and to our website Privacy Policy.
Yes, we use ‘iubenda’, and we do so because if any online provider (Google, Microsoft, Mailchimp, etc.) updates its legal terms or usage policy, or there is a change in the law, ‘iubenda’ automatically updates the Digital Sales Cookie and Privacy Policy pages to reflect that change. You don’t have to worry about anything; it will be done before you even notice. Nothing to worry about, and the annual fee is very reasonable at around 30 euro per annum.
GDPR Compliance – Do you want to get ‘iubenda’ for your website?
If you would like to make your website GDPR compliant, we can add your website to our ‘iubenda’ account, configure your policies against the systems and software you are using on your website, add the necessary new pages to your website and remove the old Privacy Policy pages, fully covering your website for GDPR compliance.
Need a Quotation to get your website GDPR compliant?…Contact Digital Sales
Simply send a mail to info@DigitalSales.ie or call any of our phone numbers: 01 539 7207, 021 202 1077, 091 734 107.
Diarmuid Haughian – Business Development Director – Digital Sales
Dip. International Selling, Cert. Digital Marketing, MSc. BITS, MA Career Guidance