EDIT: 22 May 2018
Help with your privacy notice is at hand.
The Contracts Lady, Rachel Chiverton, has kindly written a guest post for Wicked Spider about what you need to include in your website privacy policy, or as Rachel explains, your website privacy notice.
EDIT: 20 May 2018
WordPress have now added some tools to help with the GDPR.
EDIT: 15 May 2018
Craig Parsons is another source of help. He can advise you on how to protect your data and your business at the same time.
Original Post
If you have managed to get through the last few months without hearing about GDPR (General Data Protection Regulation) then it is a miracle!
I thought I would put together a brief outline of some of the resources out there that I have found helpful, including a free GDPR checklist, and an overview of how GDPR affects websites.
As I do not have any legal training I cannot advise a business about what they need to do to be GDPR compliant. What I have done is copy the principles from the Information Commissioner’s Office (ICO) website and list the most common areas where GDPR and websites intersect.
These are the 8 principles that you need to address. “Processing data” includes just holding data too, and GDPR applies to digital and non-digital data, i.e. bits of paper.
The GDPR provides the following rights for individuals:
(Taken directly from The Information Commissioner’s Office website https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/)
The Information Commissioner’s Office are the guardians of GDPR and if you call them I hear they are very helpful. I cannot endorse any of the organisations in this list – but I have found them to be helpful.
I hear that if you are a member of The Federation of Small Business they have a GDPR support department. Rachel Chiverton, The Contracts Lady, may also be of help.
Here are a few items (not exhaustive) you need to consider on your website and provide content and/or instructions to your web designer company:
I would also recommend that you add a security certificate to your website so that the data transmitted is more secure. You will know this has been done if your website link has https in it, or if in Google Chrome you see a padlock and “Secure” text in the browser.
The security certificate is now required by Google anyway, irrespective of GDPR regulations.
Google is flagging websites up as insecure if they don’t have the SSL certificate.
There are some grey areas – how I hate grey areas! But if you are not already in Suzanne Dibble’s free GDPR Facebook group that would be my first recommendation. And of course her GDPR Compliance Pack would be my second. The pack costs £147 at the time of writing – I believe there is a price rise due on the 25th April 2018.
If I’ve created your website for your business then let me know what you want to do with your privacy and cookie notices and data processing contracts and I’ll get in touch with you about the next steps.
You will find templates in the GDPR Compliance Pack if you need them. I am sure there are other places to get templates from, but just ensure it is a reliable source.
And don’t forget Rachel Chiverton’s post about what you need to include in your website privacy policy.
*Some of the links included in this post are affiliate links.