GDPR compliant sites

Nearly a year on, is your site GDPR compliant?



For all businesses, GDPR compliance is important and, for smaller businesses, reasonably straightforward to implement on your website. Nearly 12 months on, lots of sites still don’t comply.

We’ve optimised a number of smaller e-commerce and information sites and made them GDPR compliant at the same time. It is important to make it as easy and straightforward as possible for visitors to see how their data is used, who holds the data and how it can be removed.

For larger sites, especially where we capture data across marketing channels and through third parties, it is much more complex. On simpler sites, though, it is usually a straightforward process to bring you in line with regulations, even offering site users the option to automatically remove any data of theirs held.

Where we provide managed hosting, we help our clients process any data requests appertaining to their site as part of the service. Where we provide just standalone hosting, we still ensure we keep all software and plugins up to date for security and that sites are protected with SSL certificates.

The key questions for general compliance are –

1. Do you have a record of what personal data you hold? Do you know what you use it for?

It’s essential to keep track of the data you hold and to understand why you are keeping it. If you don’t need the information, don’t hold on to it. Keep your data safe on a truly secure site with one backup.

2. Do people know you have their personal data and understand how you use it?

If you ask for data, make sure the person knows why and how it will be used. Use plain English to explain and make it easy to find the information. Adding a clear privacy page to your menu is a good place to start.

3. Do you only collect the personal data you need?

Only ask for the information you really need and that which will benefit the customer relationship. Making those benefits clear will make the customer feel more confident in providing the information.

4. Do you only keep personal data for as long as it is needed?

Likewise, make it clear how long the data is kept for. If it’s for a considerable time, for legal or other reasons, make that clear.

5. Do you keep personal data accurate and up to date?

It is vital to keep the information you gather up to date wherever possible and to give your customer the ability to easily update any information you hold. Regularly audit the information you hold and delete any no longer required.

6. Do you keep personal data secure?

Keep the data safe and don’t share backups. A secure, protected and managed website with a single separate copy on an SSD hard drive is a good start for a small business.

7. Do you have a way for people to exercise their rights regarding the personal data you hold about them?

Make sure it is easy for people to see who to contact and how. We recommend adding the data protection officer as a specific email address on your site’s privacy policy page. An alias of the correct person’s email is a good idea for small businesses so that any email is seen.

8. Do you and your staff (if you have any) know your data protection responsibilities?

Choose someone to take the role of data protection officer – even small companies should have one – and link their email within your online privacy policy document. There is no need to give names, just an alias email that goes to the relevant person. Take the time to find out what information your business needs and its responsibilities.

The above are very basic answers, relating to websites, to the Information Commissioner’s Office checklist for SMEs. If you’d like more information on help with GDPR and your online presence, please get in touch.



Your website looks good but is it performing?

How is your website performing?

Consideration of the following 5 basic criteria can help you decide whether your existing website not only looks good but is also performing as well as it should be.

1. Fast loading.

If a page doesn’t appear lightning fast, site visitors will quickly move on to a competitor’s site, and many will never return. A recent survey found that 40% of shoppers abandon a website that takes more than three seconds to load, and even amongst loyal customers who persist there is a marked level of customer dissatisfaction. Another negative of slow loading is that Google and other search engines use page load time to determine search engine rankings.

2. Mobile Friendly.

Over the last couple of years mobiles and tablets have been used to browse the internet far more often than desktops and notebooks. This trend is bound to continue and by next year it’s predicted that mobile use will account for 79% of web traffic. Google define mobile friendly websites as best practice as they ensure a uniform high quality experience for consumers across all devices. Accordingly, their ‘mobile first’ search index decides rankings based upon the mobile version of a website, so a good mobile site will enhance SEO.

3. Analytics.

It’s important to collect data in order to plan business strategies and monitor and improve website performance. Google Analytics can show how your site visitors came to your site, their location, how long they spent on your site and how they engaged with it. You can assess whether users’ expectations are being met, and take steps to address any issues arising. Call To Action buttons, Purchase Links etc. can be placed where they are most likely to boost your conversions. Popular and targeted content will also aid SEO. In short, analytics can gauge key indicators such as web traffic and conversions to help you improve your performance and achieve your goals.

4. Good SEO.

It’s important your site is optimised for both search engines and site visitors. Relevant, engaging content that appears regularly will appeal to site visitors. A CMS system that enables you to create, edit, review and publish to whatever level you choose, rather than being tied into a disabled system, is essential. SEO tags and elements will appeal to search engines.

5. Strong Security.

Security checks should always be in place to protect data. Malware can result not only in the theft of your data but all your customers’ data too. Search engines will blacklist a site that is found to have malware. SSL Certificates, backing up sites, updating plug-ins on a regular basis and hosting on a secure server are just some of the measures that should be undertaken to protect your site. Security can often be overlooked, but it is vital.

