The GDPR (General Data Protection Regulation) came into effect back in May 2018 and it scared the living daylights out of most businesses. Everyone thought it was the end of marketing (especially email marketing) and people panicked about getting their website GDPR compliant with the fear of receiving big fines if they didn’t.
It’s been 4 years since the GDPR came into force and there are still companies who have not bothered to update their website or try to implement any changes within their business to ensure they are GDPR compliant. That’s because many people employ the “Oh it will never happen to me” approach or don’t realise that they are in breach.
We’ve had many clients say that they don’t process any personal data, but this is more than likely not true. For example, your website alone will take data from clients, and if you’re using any form of analytics, you will need to declare these cookies in your Cookie Policy.
Website scams checking to see if your website is GDPR compliant
We’ve seen a few unethical companies using bots to crawl the internet to find any website that doesn’t fully comply with GDPR laws.
They then write to such companies claiming that they have stolen their data unlawfully and that they are seeking damages for this.
It might sound ridiculous, but unfortunately, they are right. There are several cases where big firms have been caught out with breaches of the GDPR law and the fines are pretty hefty.
We have spoken to law firms about these cases and their advice is always to pay these people because it’s easier and cheaper than going to court. It’s disgusting, yes, but it is indeed your responsibility to make sure that your website is GDPR compliant.
So, how do I make my website GDPR compliant
Making your website GDPR compliant is actually much easier to do these days, with WordPress adding in policies in their latest versions and having plugins to do the necessary work.
So, here are our top tips to make your website GDPR compliant:
- Update your privacy policy
We say update, but many of you may not even have one! Please understand the data that you hold and put these in a cookie policy and privacy policy. We use an established law firm to do this for all our clients and if you’d like a recommendation, please let us know. They are extremely affordable and ensure you’re protected.
- Secure your website
You absolutely must have an SSL certificate on your website. There’s no excuse these days as they’re free! Do NOT pay a hosting provider for one. We can help you install one for free if you like.
After you install the certificate, you must see a padlock on all browsers and your web address must start with https://
- Get consent for emails
If you have an email newsletter, this is important. Make sure that you get active consent on your website before they give you their email address. This means, they have to tick a box, rather than leave one unticked.
You should also give them the accessibility to opt out of emails easily by providing an “unsubscribe” link at the bottom of marketing emails so they can be removed from your mailing list.
- Review 3rd parties and data processors
You need to be aware of other companies’ data policies if you’re working with them. For example, companies who are processing data on your behalf will also need to be GDPR compliant and you will need to list them as data processors.
Good examples of these can include accountants, 3rd party software on your website, lead generation specialists etc.
- Get a cookie banner
Those annoying pop ups that come up on every website certainly do diminish the UX of a website, but unfortunately, they are a legal requirement.
You can get them for free with a snippet of code and they will be EU compliant. Some trusty WordPress plugins have these too.
If you’re worried about your website not being GDPR compliant or that you’re vulnerable to scammers, then please don’t hesitate to get in touch and we can do a quick and free GDPR compliant audit of your website.