How to make your website GDPR compliant

There is no doubt that the GDPR regulations due to come into effect soon will be a watershed moment for all businesses in the area of data protection. These strict new laws will more tightly govern what information businesses will be able to store on customers, and how they store and use it.

The prospect of harsh financial penalties for non-compliance with the new GDPR laws mean it is something your business needs to take seriously. This is naturally true for any businesses based within Europe, which will all have to comply with these regulations. It might surprise you to learn that it is also true for businesses in countries outside of the European Union too, such as America.

How can a European law affect businesses in non-EU countries?

The key factor here is whether your business provides goods or services (free or paid) to any persons within the EU. If this is true, then GDPR will apply to you in this regard and you must comply with it. The new GDPR legislation will come into effect on May 25, 2018, so there is not much time left to fine-tune your compliance arrangements if you will be affected.

What counts as personal data?

Before we go on to look at a few ways to make your website GDPR compliant, it is worth clarifying what personal data is. As GDPR law is based around your customers’ personal data, it is definitely worth knowing! Personal data includes details such as:

  • Name
  • Address
  • Email address
  • IP address
  • Social security number
  • Race
  • Sexual orientation
  • Religious belief

As you can see, your business will probably hold at least a few of these details on your customers. It is this type of personal data that GDPR has been brought in to protect and to give your customers more control over how it is stored and used.

Five tips for a GDPR-compliant website

In truth, GDPR is huge in scope, so you need to have a thorough read-through to see how it will affect your whole business and note all the things you may need to do to ensure compliance. Naturally, your website is one of the main areas that will be affected in this digital business age. Here are a few ways to get up to speed before May 25:

  • Consider your forms when thinking about GDPR, the consent of your customers for you to not only collect data but also use it for business purposes is key. One critical area here is the forms you may have on your website. Each time a customer fills out a form on your website, with data such as their email address, you must get their explicit consent to use it. A very common situation could be a lotto newsletter that someone may sign up for on a lottery site to help find those lotto winning numbers.
  • Audit your website another great idea in this area is to audit your existing website to check what data you are currently collecting on your customers. Think about the data you collect directly and also through a third-party site. All this must comply with GDPR to keep you out of trouble. Try to collect only data you absolutely need to conduct business with someone. Always make sure it is stored securely and that only those staff who need to access it for work can do so.
  • Sort out your privacy policy under new GDPR laws, you must have a clear and comprehensive privacy policy on your website. All visitors must be able to easily locate this policy and understand how you will collect and store data on them, along with how long you hold it for and what you do with it.
  • Don’t forget the cookies almost all websites will use cookies to track statistical data on visitors for future use. Obviously, this is another area of your website that GDPR will affect. You must provide a pop-up message when people first enter your website to advise them that it uses cookies, and give them the option to accept or decline this.
  • Security is key – to comply with new GDPR law, all websites must make sure their security is as robust as possible. If personal data is stolen or lost through poor cybersecurity, it may be the organization itself that is blamed. With that in mind, make sure that you have top-level SSL encryption on your website to protect your data.

The time to take action is now

If you have not yet begun to take steps to comply with the new GDPR laws, then it is urgent you do so now. With the deadline fast approaching, it means that any business affected has only a short time left to get up to speed. With stiff fines for non-compliance, it is certainly worth starting with your website if you need to get this sorted out.