Nearly a year on, is your site GDPR compliant?
GDPR compliance is important for all businesses, and for smaller businesses it is reasonably straightforward to implement on your website. Nearly 12 months on, many sites still don’t comply.
We’ve optimised a number of smaller e-commerce and information sites and made them GDPR compliant at the same time. It is important to make it as easy and straightforward as possible for visitors to see how their data is used, who holds the data and how it can be removed.
For larger sites, especially where data is captured across marketing channels and through third parties, it is much more complex. On simpler sites it is usually a straightforward process to bring you in line with the regulations, even offering site users the option to automatically remove any data of theirs that is held.
Where we provide managed hosting, we help our clients process any data requests pertaining to their site as part of the service. Where we provide stand-alone hosting only, we still keep all software and plugins up to date for security and ensure that sites are protected with SSL certificates.
The key questions for general compliance are:
1. Do you have a record of what personal data you hold? Do you know what you use it for?
It’s essential to keep track of the data you hold and to understand why you are keeping it. If you don’t need the information, don’t hold on to it. Keep your data safe on a truly secure site with one backup.
2. Do people know you have their personal data and understand how you use it?
If you ask for data, make sure the person knows why and how it will be used. Use plain English to explain and make it easy to find the information. Adding a clear privacy page to your menu is a good place to start.
3. Do you only collect the personal data you need?
Only ask for the information you really need and that will benefit the customer relationship. Making those benefits clear will make the customer feel more confident about providing the information.
4. Do you only keep personal data for as long as it is needed?
Likewise, make it clear how long the data is kept. If it is kept for a considerable time, for legal or other reasons, say so.
5. Do you keep personal data accurate and up to date?
It is vital to keep the information you gather up to date wherever possible and to give your customers an easy way to update any information you hold. Regularly audit the information you hold and delete anything no longer required.
6. Do you keep personal data secure?
Keep the data safe and don’t share backups. A secure, protected and managed website with a single separate copy on an SSD is a good start for a small business.
7. Do you have a way for people to exercise their rights regarding the personal data you hold about them?
8. Do you and your staff (if you have any) know your data protection responsibilities?