EDIT: 22 May 2018
Help with your privacy notice is at hand.
EDIT 20 May 2018
WordPress have now added some tools to help with the GDPR.
EDIT 15 May 2018
Craig Parsons, from Persolvo is another source of help. He can advice you how to protect your data and your business at the same time.
If you have managed to get through the last few months without hearing about GDPR (General Data Protection) then it is a miracle!
I thought I would put together a brief outline of some of the resources out there that I have found helpful, including a free GDPR checklist, and an overview of how GDPR affects websites.
As I do not have any legal training I cannot advise a business about what they need to do to be GDPR complaint. What I have done is copy the principles from the Information Commissioner’s Office (ICO) website and list the most common areas where GDPR and websites intersect.
These are the 8 principles that you need to address. “Processing data” includes just holding data too and GDPR applies to digital and non-digital data -i.e. Bits of paper.
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
(Taken directly from The Information Commissioner’s Office website https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/)
GDPR Checklist & Other Resources
The Information Commissioner’s Office are the guardians of GDPR and if you call them I hear they are very helpful. I cannot endorse any of the organisations in this list – but I have found them to be helpful.
- The Information Commissioner’s Office
- Suzanne Dibble’s GDPR Checklist (free)
- Suzanne Dibble’s GDPR Facebook group (free to join)
- Suzanne Dibble’s GDPR Compliance Pack
- Any professional bodies you belong to may have GDPR support
- Robin Adam’s MailChimp Answers Facebook group
I hear that if you are a member of The Federation of Small Business they have a GDPR support department. Rachael Chiverton, The Contract Lady may also be of help.
GDPR and your Website
Here are a few items (not exhaustive) you need to consider on your website and provide content and/or instructions to your web designer company:
- Lead Magnets (ebook downloads in exchange for an email address)
- Google Analytics
- Facebook Pixels
- Contact Forms
- Enquiry Forms
- Quotation Forms
- Blog comments
- e-Newsletter Signup Forms
- Web Hosting
- Website Maintenance
- Data processing contracts with your web design company, web hosting company and website maintenance provider.
I would also recommend that you add a security certificate to your website so that the data transmitted is more secure. You will know if this has been done if your website link has https in the link or if in Google Chrome you see a padlock and “Secure” text in the browser like this:
The security certificate is required by Google anyway now irrelevant of GDPR regulations.
Google is flagging websites up as insecure if they don’t have the SSL certificate. This is what your clients would see if your website is insecure:
Your Next GDPR Steps
There are some grey areas – how I hate grey areas!. But if you are not already in Suzanne Dibble’s free GDPR Facebook group that would be my first recommendation. And of course her GDPR Compliance Pack would be my second. The pack costs £147 at the time of writing – I believe there is a price rise due on the 25th April 2018.
If I’ve created your website for your business then let me know what you want to do with your privacy and cookie notices and data processing contracts and I’ll get in touch with you about the next steps.
You will find templates in the GDPR Compliance Pack if you need them. I am sure there are other places to get templates from but just ensure it is a reliable source.
*Some of the links included in this post are affiliate links.