We hope you are enjoying the first few blog posts regarding GDPR and how it could affect your business. Well, when we say ‘enjoy’… you know what we mean. We know GDPR isn’t the most thrilling of subjects, but you will wish you had paid more attention when you get slapped with a huge fine!

Are you bored yet?

So yes, although it may seem a little dull, it is VERY important that you get it right and start taking action today. Not tomorrow, not a few weeks down the line. TODAY. Is that shouty enough for you?!

By now, we hope you fully understand the impact of GDPR and the basic information that you need to be aware of. And we have already run through the 5 points that GDPR covers. But most importantly, from a website point of view, there are actions that you need to be taking.

Most of these we can take care of for you, but we are getting very booked up so the sooner you let us know the better.

SSL certificates & Securi plugin

This may all just sound like jargon to you, but don’t be frightened by that. An SSL certificate is quite simply a ‘security technology’ which allows encrypted communication between a web browser and server.

It can be seen as the little padlock on the address bar of a website. It is important for staying safe online, particularly when sensitive customer data is being entered. So it kind of speaks for itself – customers are entering data, and you need to ensure that data is safe. The SSL does this for you, and we can install this for only £60+VAT annually.

Next up, the Securi plugin. This is simply a plugin that is added to the backend of a website, which logs the activity of the server. So if the worst happens, and you have a data breach, this will allow you to identify when and where the breach occurred. Again, we can do this for you, so don’t panic!

Software updates

No, we aren’t talking about those annoying Windows updates that take hours to download, right when you need to use your computer. We are referring to keeping both your WordPress and server software up-to-date. If you are on a monthly support and maintenance package with us, then you don’t even need to think about this one.

Review consent forms

There are a couple of things you need to consider with regards to any data-collecting forms on your website. The first one is, do you REALLY need to collect that data? For example, if your contact form asks people for their date of birth, but you are never going to use this, don’t collect it in the first place!

Obtaining consent is a huge part of GDPR. When collecting any personal data that is either going to be stored or transmitted from the website, you must obtain EXPLICIT consent. For website forms, a simple opt-in checkbox will suffice. However, email forms are a slightly different story. You need to implement a double opt-in, where they have to check a box to say they want to subscribe to your newsletter, and then an email will be sent to them, confirming their sign-up.

This all may sound like quite a lot of work, but with email automation this is actually a relatively easy process. Once it is set up, it will do all the work for you!

Updated Privacy Policy

Again, another biggie. With all this detailed personal data you are collecting, you need to let people know how they can retrieve their data, and how you propose to conform with GDPR. It should detail who you are, what you are going to do with their information, and who it will be shared with.

We are actually in the process of revising the core Privacy Policy we use on clients’ websites, so again this is not something that you need to worry about too much. We will be contacting all clients in order to get this update scheduled in for you.

Exporting data

With the introduction of this new GDPR, you need to be able to provide an easy way for client data to be exported and removed. If a customer wants to know the data you have on them, you have to provide it in an easy-to-access format. And quickly.

So any records that are stored from the website – such as contact forms, sign-up forms and registration forms – all need to be downloadable in both PDF and CSV formats.

Summary

So all in all, it isn’t too scary. Yes, there are a few things that need to be carried out on your website to ensure it is GDPR compliant, but we are on hand to help. We want you to be in the best possible position before the 25th May (when the regulation comes into place). And we will be providing complete support in order to prepare your website for this.

Do let us know if you have any concerns or questions regarding what you need to be doing to prepare for GDPR by emailing office@laser.red, or giving us a call on 01472 878496.