Nearly a year on, is your site GDPR compliant?

For all businesses, GDPR compliance is important, and for smaller businesses it is reasonably straightforward to implement on your website. Nearly 12 months on, lots of sites still don’t comply.

We’ve optimised a number of smaller e-commerce and information sites and made them GDPR compliant at the same time. It is important to make it as easy and straightforward as possible for visitors to see how their data is used, who holds the data and how it can be removed.

For larger sites, especially where data is captured across marketing channels and through third parties, it is much more complex. On simpler sites it is usually a straightforward process to bring you in line with the regulations, even offering site users the option to automatically remove any data of theirs that is held.

Where we provide managed hosting, we help our clients process any data requests relating to their site as part of the service. Where we provide just stand-alone hosting, we still ensure we keep all software and plugins up to date for security and that sites are protected with SSL certificates.

The key questions for general compliance are –

1. Do you have a record of what personal data you hold? Do you know what you use it for?

It’s essential to keep track of the data you hold and to understand why you are keeping it. If you don’t need the information, don’t hold on to it. Keep your data safe on a truly secure site with one backup.

2. Do people know you have their personal data and understand how you use it?

If you ask for data, make sure the person knows why and how it will be used. Use plain English to explain and make it easy to find the information. Adding a clear privacy page to your menu is a good place to start.

3. Do you only collect the personal data you need?

Only ask for the information you really need and that which will benefit the customer relationship. Making those benefits clear will make the customer feel more confident in providing the information.

4. Do you only keep personal data for as long as it is needed?

Likewise, make it clear how long the data is kept for. If it’s kept for a considerable time, for legal or other reasons, make that clear.

5. Do you keep personal data accurate and up to date?

It is vital to keep the information you gather up to date wherever possible and to give your customer the ability to easily update any information you hold. Regularly audit the information you hold and delete any no longer required.

6. Do you keep personal data secure?

Keep the data safe and don’t share backups. A secure, protected and managed website with a single separate copy on an SSD drive is a good start for a small business.

7. Do you have a way for people to exercise their rights regarding the personal data you hold about them?

Make sure it is easy for people to see who to contact and how. We recommend adding the data protection officer as a specific email address on your site’s privacy policy page. For small businesses, an alias that forwards to the correct person’s email is a good idea so that every email is seen.

8. Do you and your staff (if you have any) know your data protection responsibilities?

Choose someone to take the role of data protection officer – even small companies should have one – and link their email within your online privacy policy document. There is no need to give names, just an alias email that goes to the relevant person. Take the time to find out what information your business needs and what its responsibilities are.

The above are very basic answers, relating to websites, to the Information Commissioner’s Office checklist for SMEs. If you’d like more information or help with GDPR and your online presence, please get in touch.

Published by Nicholas Bradshaw

Partner in Houndstreet