I’ve had lots of questions this week from my clients about GDPR (the General Data Protection Regulation) and what changes they may need to consider to make sure that their websites are compliant.  I have read a thousand articles this week and it was confusing, I admit.  I have summarised the key points to consider when updating your site to conform to GDPR, without going into the proper nitty gritty.

It affects everyone who processes personal data about people in the EU, including sole traders, and not just the larger organisations.

GDPR applies from 25 May 2018 to any website that collects personal data.

What constitutes personal data?
Any data that can be used to identify a living person, directly or indirectly, is classed as personal data, for example:

  • Name
  • Address
  • Email address
  • Location information
  • IP addresses and other online identifiers (these are named explicitly in the regulation)

Places on your website where you may be collecting this information

  • Contact forms
  • Online purchases
  • Email sign ups
  • Comments on blogs

How do I make my site GDPR compliant?
Even if you have a very simple brochure site, the chances are you have a contact form. So here is what you have to do…

  1. Avoid creating long forms that ask for a lot of data. Only ask for what you need to handle the request, and make it clear what each piece of information is used for
  2. Watch for contact form plugins that store a copy of every submission in the WordPress database. Either switch that off, or decide how long you keep submissions and delete them after that
  3. Create or update your privacy policy to explain what personal data you collect and what it is used for, in a brief and readable way
  4. Add a clear link on your site to your privacy policy
  5. Where you rely on consent (for example adding someone to a mailing list), visitors must actively ‘opt in’: an unticked checkbox with plain wording, separate from the contact form itself, and never ticked by default
  6. Remember to cover blog comments in your privacy policy too; WordPress stores the commenter’s name, email address and IP address with each comment, so commenting is also included in GDPR

What about cookies?
Cookies are covered by the ePrivacy Directive (the ‘cookie law’), which sits alongside GDPR rather than being part of it. So that’s a discussion for another day!

In summary
The purpose of GDPR is to strengthen a person’s rights regarding the collection, use and storage of their personal data.  Within the context of your website you need to ensure that, where consent is the basis you rely on, it is gained before collecting personal information, and that it is a clear, positive action: a pre-ticked box does not count.  In addition, the information must only be used for the purposes for which consent has been given. So if you are collecting information on a contact form, this does not give you permission to add them to your email marketing list, be warned!
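As an added illustration of steps 1, 2 and 5 of the checklist and of the purpose-limitation point in the summary (this is example code written for this page, not the code of any WordPress plugin or form service), here is a small Python handler for a contact form. It assumes the form’s optional marketing checkbox has no value attribute, so a ticked box arrives as the literal value on and an unticked box is absent from the POST body; the policy version label, checkbox wording and field names are all assumptions for the example.

```python
"""Consent-aware contact-form handling (added illustration, not a real plugin)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Assumed: the version label of the privacy policy the form links to.
PRIVACY_POLICY_VERSION = "2018-05"

# Data minimisation: the form may carry only these fields; anything else is
# rejected rather than quietly stored alongside the submission.
ALLOWED_FIELDS = {"name", "email", "message", "marketing_optin"}
REQUIRED_FIELDS = ("name", "email", "message")

# Assumed wording shown beside the (unticked) checkbox. It is kept with the
# consent record so you can later show exactly what the visitor agreed to.
MARKETING_CHECKBOX_TEXT = "Yes, email me occasional news and offers (optional)"


@dataclass
class Submission:
    name: str
    email: str
    message: str
    purposes: list = field(default_factory=list)   # what the data may be used for
    consent_record: Optional[dict] = None          # evidence of opt-in, if given


def validate_form(form: dict) -> list:
    """Return a list of problems; an empty list means the submission is acceptable."""
    errors = []
    unexpected = sorted(set(form) - ALLOWED_FIELDS)
    if unexpected:
        errors.append(f"unexpected fields: {unexpected}")
    for name in REQUIRED_FIELDS:
        if not form.get(name, "").strip():
            errors.append(f"missing field: {name}")
    if "@" not in form.get("email", ""):
        errors.append("email does not look valid")
    return errors


def handle_contact_submission(form: dict, now: Optional[datetime] = None) -> Submission:
    """Turn a POST body into a Submission whose purposes reflect what was agreed."""
    errors = validate_form(form)
    if errors:
        raise ValueError("; ".join(errors))
    now = now or datetime.now(timezone.utc)

    # Replying to the enquiry is the only purpose the visitor expects by default.
    sub = Submission(form["name"].strip(), form["email"].strip(),
                     form["message"].strip(), purposes=["reply_to_enquiry"])

    # Opt-in handling. A browser omits an unticked checkbox from the POST body
    # entirely, so a missing key means "no". Only the literal "on" (what a ticked
    # checkbox without a value attribute sends) counts; a pre-filled "yes" from a
    # hidden field or a pre-ticked box is not treated as consent.
    if form.get("marketing_optin") == "on":
        sub.purposes.append("marketing")
        sub.consent_record = {
            "purpose": "marketing",
            "timestamp": now.isoformat(),
            "policy_version": PRIVACY_POLICY_VERSION,
            "wording": MARKETING_CHECKBOX_TEXT,
        }
    return sub


def add_to_mailing_list(sub: Submission, mailing_list: list) -> bool:
    """Purpose limitation: contact-form data is not reused for marketing without opt-in."""
    if "marketing" not in sub.purposes or sub.consent_record is None:
        return False
    if sub.email not in mailing_list:
        mailing_list.append(sub.email)
    return True


if __name__ == "__main__":
    # Constructed sample POST bodies, as a web framework would present them.
    enquiry_only = {"name": "Ada", "email": "ada@example.com", "message": "Do you do logos?"}
    with_optin = dict(enquiry_only, marketing_optin="on")
    subscribers = []
    print(add_to_mailing_list(handle_contact_submission(enquiry_only), subscribers), subscribers)
    print(add_to_mailing_list(handle_contact_submission(with_optin), subscribers), subscribers)
```

The consent record (timestamp, policy version, wording) is what you would keep to demonstrate that a subscription was opted in to, and the unexpected-field check is what stops a plugin or theme silently collecting more than the form advertises. Retention of the message itself (step 2) is a separate decision; this example only shows the submission and the consent evidence, not how long either is stored.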