GDPR

A Quick Overview

The General Data Protection Regulation (GDPR) is a legal requirement governing how organisations process and store the personal data of individuals in the EU. It applies regardless of where the business is located: what matters is whether the individual (the data subject) is in the EU, not their citizenship.

GDPR sets out principles for how personal data may be gathered, stored and used (lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability) and, alongside those principles, gives individuals (data subjects) the following rights over the data held about them:

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object; and
  • the right not to be subject to automated decision-making, including profiling.

Read the ICO’s (Information Commissioner’s Office) definition of the key principles here

What Does GDPR Mean for Businesses?

It means that businesses must be transparent about what personal data they hold, where it came from and who they share it with. Businesses will need to undertake an information audit of their own operations to find out what information they store and process about individuals in the EU.

When collecting personal data, businesses must tell people what data is collected about them and why, the lawful basis for collecting it, where it is stored, how long it is kept and who it is shared with. GDPR requires that this information (usually provided as a privacy notice) is written in clear and plain language that is easy to understand.

Businesses must have a lawful basis for processing an individual's data. Consent is one of six lawful bases (the others are contract, legal obligation, vital interests, public task and legitimate interests), not the only one. Where consent is relied on, it must be freely given, specific, informed and unambiguous, and given by a clear affirmative action: pre-ticked boxes, silence or inactivity do not count, and it must be as easy to withdraw consent as it was to give it. Explicit consent is required for special categories of data, such as health data.

Where to Get Help

The ICO provides guidance for businesses on how to implement GDPR throughout their operations and the ways in which they can approach it. They have published a 12-step guide, which is a good place to start if you do not already have a clear overview of GDPR and what it means. Read the ICO's 12 Steps to Prepare for GDPR

Implementing GDPR throughout all areas of the business is each business's own responsibility. It is a legal requirement and as such requires the services of a legal team or lawyer to ensure that your business has implemented everything required to be GDPR compliant.

Resources

The first port of call is the ICO's website. It has all of the key information and detail that you need. If you have specific questions relating to your business, you can contact them directly by phone or live chat to get your questions answered.

Visit the ICO website

If you are looking for further advice, I strongly recommend you access the legal expertise of Suzanne Dibble through the following channels:

GDPR for Entrepreneurs: a Facebook Group supporting micro-business through the key aspects of GDPR 


Suzanne Dibble’s FREE GDPR Checklist

Suzanne Dibble’s FREE GDPR Webinar training and access to her GDPR Legal Pack (including key legal documents to help businesses work through and implement GDPR)

GDPR and Your Website

The following is an overview of the more easily identifiable aspects that businesses can implement on their websites to work towards becoming GDPR compliant.

*I am NOT providing legal advice and in all cases, proper legal advice should be sought from a lawyer to check your own compliance for your own business.

There are common aspects of a website that business owners need to consider. These are:

  • What data does the business collect on the website, and how?
  • Where is that data stored, and for how long?
  • Where and how should this information be presented to web visitors?
  • How do web visitors give their consent to opt in to a newsletter or lead magnet?
  • How does the business practically apply the necessary options on the website?

The answers can be highly complex depending on the type of website a business has and the data that website collects. Business owners should seek the appropriate level of advice for the complexity of their business.

I have outlined some of the core essentials that websites should include on a practical level to begin the GDPR compliance process, particularly in terms of policies, contact forms and email subscriptions. For some practical steps you can implement, read my blog 5 Easy Steps to Make Your Website GDPR Friendly

GDPR and WordPress Core

WordPress has taken GDPR seriously and has worked hard to deliver GDPR components within WordPress itself.

The core features have now been integrated: since WordPress 4.9.6, core includes a privacy policy page tool with suggested text, tools to export and erase a user's personal data in response to a request, and an opt-in checkbox for storing commenters' details in cookies. You can read more detail about these features in this article: Read GDPR Going into WordPress Core

More Resources

  • Kinsta takes a deep dive into the more technical aspects of WordPress and making sites GDPR compliant. They have put together a really comprehensive blog post which addresses some of the more complex areas relating specifically to WordPress and provides some great resource links to explore further. This is one of the more detailed articles and delves into the practicalities a little more. Read the article here
  • WooCommerce is also working hard on bringing GDPR within its remit and has recently published details of what it has been working on here
  • In this special GDPR edition Podcast, Lee Jackson from Agency Trailblazer gives an insightful overview about GDPR and how to apply it to your business and your website. Take a listen here
  • Finn Hillebrandt at BlogMojo has undertaken extensive research to look at major WordPress plugins and their compliance. You can read his comprehensive guide here

And finally...

GDPR is a legal requirement and advice should be taken from a lawyer to implement it throughout your business. Your web designer or developer will work together with you to implement the technicalities that you need on your website to ensure compliance but cannot give you specific legal advice.

If you need any help with your website GDPR implementation, then get in touch today and I would be more than happy to have a conversation with you.