In this post, I outline 5 Steps to Make Your Website GDPR Friendly: practical steps businesses can take on their website to make a sound start towards GDPR compliance.
Looking at the key areas of the website on its own is a good place to start. The practical steps I outline below are ones many business owners can put in place themselves; if not, they can ask an expert to help.
Please bear in mind that web designers and developers are NOT legal experts and cannot give you GDPR-specific legal advice on becoming compliant. GDPR applies to the whole of a business, and the website is only a small part of that. However, a good web designer or developer will have a sound grasp of GDPR and the knowledge to help you implement the technical aspects needed to bring your website in line with it.
*I am NOT providing legal advice and in all cases, proper legal advice should be sought from a lawyer to check that your website is compliant for the purpose of your business.
In this blog, I outline some of the core essentials that websites should include, on a practical level, to begin complying with GDPR.
5 Steps to Make Your Website GDPR Friendly
Step 1 – Website Policies
All websites must have the following policies available on their website:
These policies should be on every business's website. To read more about what each policy is for, what it should contain and where to get help, see my blog post The Quick and Easy Website Policy Guide to GDPR
Step 2 – Website Contact Forms
Most websites have a contact form so that prospective clients can get in touch. When a prospect fills in their name, email address and message and presses the submit or send button, that is, by definition, an act of “positive affirmation” that they are happy to provide this information to you. That affirmation covers replying to their enquiry; it does not extend to adding them to a mailing list, which needs the separate consent described in Step 3.
Step 3 – Newsletter Sign Ups and Lead Magnet Opt-Ins
To comply with GDPR, you need positive, freely given consent, expressed through an affirmative action, before a data subject can be taken to have agreed to receive emails and marketing from you. Consent beyond doubt is therefore required for people opting into your newsletters and your lead magnets.
GDPR also requires that consent is granular at the point of opt-in. If someone opts in to receive your lead magnet (a free download), you cannot bundle that consent so that all of your email marketing goes to them. The data subject has to give consent separately for each type of email and marketing they receive from you.
For example, I have a free guide download available on this website, and this is how people can opt in just to receive the lead magnet.
When visitors subscribe through this opt-in, all they receive is the download itself and a short series of emails afterwards that relate only to that download and its content. At the end of the email series they are offered the option to opt in to the regular newsletter, where I write about news and promotions I think will interest them. If they don't opt in to the general email marketing, I will not email them again, because they have not given the separate consent required for emails with a different purpose.
You can instead offer tick boxes at the very start of the opt-in, one per type of email, so subscribers choose what they wish to subscribe to. Personally, I take one focus at a time, deliver it to interested individuals, then give them the option to keep in touch at the end of the sequence. I will publish a further, more detailed blog about email marketing and GDPR best practice.
Step 4 – Other Forms and Blog Comments
Form plugins such as Gravity Forms and Contact Forms are well-known examples of data capture through forms. If you don't know how to configure the tick box and declaration on these forms yourself, take a look at the plugin below, which adds the declarations for you.
The same applies to blog comments: the data is stored on the website and the comment must be approved by the WordPress site owner, so the commenter's name, email and website address are stored.
This is how the plugin adds the tick box and declaration for you.
The plugin is free to use and can be found in the WordPress repository: WP GDPR Compliance by Van Ons
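The granular opt-in described in Step 3 and the consent tick box a plugin adds to contact and comment forms in Step 4 come down to the same server-side logic: one unticked box per purpose, a record of exactly which boxes were ticked (when, on which form and against which declaration text), and a per-purpose check before any email goes out. The following is an added example written for Node.js; it is not code from the original post or from the WP GDPR Compliance plugin. The purpose names, declaration wording, form IDs and the sample submissions are all illustrative.

```javascript
// Added example (not from the original post or the WP GDPR Compliance plugin):
// server-side handling of granular opt-in consent for Node.js, no dependencies.
// Purpose names, declaration wording and form IDs are illustrative assumptions.

// Purposes on the lead-magnet opt-in form, each with the declaration shown
// next to its own checkbox. Consent for one never implies consent for another.
const OPT_IN_PURPOSES = {
  lead_magnet: "Send me the free guide and the short email series about it.",
  newsletter: "Send me the regular newsletter with news and promotions.",
};

// Purpose on the blog comment form (name, email and website are stored).
const COMMENT_PURPOSES = {
  comment_storage: "Store my name, email and website address with this comment.",
};

// Form side: one checkbox per purpose. The `checked` attribute is deliberately
// never emitted, because consent needs an affirmative act by the visitor.
function renderCheckbox(purpose, purposes) {
  const name = `consent_${purpose}`;
  return `<label><input type="checkbox" name="${name}" value="on"> ${purposes[purpose]}</label>`;
}

// Browsers omit unticked checkboxes from the request body entirely, so only the
// exact value the form emits ("on") counts as a grant; anything else is "no".
function parseGrants(fields, purposes, { formId, now = new Date() } = {}) {
  const granted = {};
  for (const [purpose, declaration] of Object.entries(purposes)) {
    granted[purpose] =
      fields[`consent_${purpose}`] === "on"
        ? { at: now.toISOString(), formId, declaration }
        : null;
  }
  return granted;
}

// Build the consent record for a first submission. Rejects a submission where
// no box was ticked, since there is then nothing the site may do with the data.
function recordConsent(fields, purposes, opts = {}) {
  const email = String(fields.email || "").trim().toLowerCase();
  if (!/^[^\s@]+@[^\s@]+$/.test(email)) throw new Error("valid email required");
  const granted = parseGrants(fields, purposes, opts);
  if (!Object.values(granted).some(Boolean)) {
    throw new Error("no opt-in box was ticked; nothing to record");
  }
  return { email, granted, history: [] };
}

// A later opt-in (for example the newsletter offer at the end of the
// lead-magnet sequence) adds new grants but never alters existing ones.
// A declined offer leaves the record unchanged.
function addConsent(record, fields, purposes, opts = {}) {
  const grants = parseGrants(fields, purposes, opts);
  for (const [purpose, grant] of Object.entries(grants)) {
    if (grant && !record.granted[purpose]) record.granted[purpose] = grant;
  }
  return record;
}

// Withdrawal must be as easy as consenting. The old grant is kept in history so
// the site can still show what was agreed to and when, even after withdrawal.
function withdrawConsent(record, purpose, now = new Date()) {
  if (record.granted[purpose]) {
    record.history.push({ purpose, ...record.granted[purpose], withdrawnAt: now.toISOString() });
    record.granted[purpose] = null;
  }
  return record;
}

// The only question the mailer asks: is there a live grant for this purpose?
// A lead-magnet subscriber therefore never receives the newsletter by default.
function maySend(record, purpose) {
  return Boolean(record.granted[purpose]);
}

// Constructed sample submission, as an HTTP body parser would hand it over:
// the visitor ticked only the lead-magnet box.
const signup = recordConsent(
  { email: "Visitor@Example.com", consent_lead_magnet: "on" },
  OPT_IN_PURPOSES,
  { formId: "free-guide", now: new Date("2018-05-25T09:00:00Z") },
);
console.log(maySend(signup, "lead_magnet"), maySend(signup, "newsletter")); // true false
```

The record stores the declaration text alongside the timestamp because GDPR requires the controller to be able to demonstrate what the person actually agreed to, not just that a box was ticked; a later change of wording on the form does not rewrite earlier records.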
Step 5 – Get Help to Make Your Website GDPR Friendly
This is a brief look at some key aspects that businesses need to address on their websites. Each website is different and has different needs, and each business will implement the requirements in a slightly different way; what matters is that the result is GDPR compliant. If a business is unsure what it needs to do to be compliant, legal counsel must be sought. In the first instance, contact the ICO to discuss individual requirements and questions.
The information above is based on my own interpretation and understanding of GDPR and is in no way a recommendation for other businesses and their needs.
If you are stuck, then get help. Don’t suffer in silence.
You can join Suzanne Dibble’s excellent GDPR Facebook Group
Get help from a WordPress Consultant, like me, or get in touch with your own web designer or developer and ask them how they can help you.
Do you have any questions or need any help?
If you need some technical help to get some of these aspects up and running on your website, then do get in touch. I'd love to help!