It’s now common knowledge that GDPR (General Data Protection Regulation) is coming into force on 25 May 2018 and it’s even more important than ever that you have the right policies in place on your website. It has always been a legal requirement to have these policies on your website but now it’s even more important to get them right and bring them up to date and GDPR ready. Here’s a quick and easy Website Policy Guide which covers the main areas you need to know about.
There are three policies you need to have on your website and I will address each one in turn. The policies are:-
Website Terms and Conditions
Privacy Policy
Cookies Policy
The Quick and Easy Website Policy Guide for GDPR
Website Terms and Conditions
It is a legal requirement that any business that uses a website must have a Terms and Conditions policy even if the website does not sell any goods or services. These are the key points that your website terms should include:-
- The details of the website owner or company together with contact details
- Details of any permitted uses of website where content can be uploaded to the website by the user
- Details of any registration requirements if required
- Confirmation of any fees payable to use the website
- If the website uses links to other websites a disclaimer of liability must be state that the website owner has no responsibility for content on any linked sites
- If the website enables user comments for user generated content it must request that users do not post anything illegal, defamatory or abusive in nature
- It needs to ensure that website users understand the limitations of how they may use your website content such as text, images and videos to protect your intellectual property
- State the VAT registration details of the company (if applicable)
- Include a link to the website privacy and cookies policies
It is important to bear in mind that different types of websites will require additional information such as eCommerce sites, Membership sites and it is important that you seek professional advice to ensure that the website terms and conditions are suitable for your business.
Privacy Policy
With the onset of GDPR, the privacy policy is one policy that needs particular attention. The guidance from the ICO (Information Commissioner’s Office) states that the information companies provide about personal data processing must be:
concise, transparent, intelligible and easily accessible;
written in clear and plain language, particularly if addressed to a child; and
free of charge.
GDPR states that companies must be “transparent by providing a privacy notice is an important part of fair processing. You can’t be fair if you are not being honest and open about who you are and what you are going to do with the personal data you collect.”
The following questions must be addressed when writing a privacy policy:
- What information is being collected?
- Who is collecting it?
- How is it collected?
- Why is it being collected?
- How will it be used?
- Who will it be shared with?
- What will be the effect of this on the individuals concerned?
- Is the intended use likely to cause individuals to object or complain?
For full details on what information should be included in a Privacy Notice you can view more details on the ICO website here
[bctt tweet=”Companies must honest and open about what they are going to do with the personal data they collect about you on their websites” username=”@umbrelladigita1″]
Cookie Policy
What is a cookie?
The ICO states that “A cookie is a small text file that is downloaded onto ‘terminal equipment’ (eg a computer or smartphone) when the user accesses a website. It allows the website to recognise that user’s device and store some information about the user’s preferences or past actions.
In order to comply with the Cookie regulation the ICO states you need to:
- Tell people the cookies are there;
- Explain what the cookies are doing and why; and
- Get the person’s consent to store a cookie on their device.
As long as you do this the first time you set cookies, you do not have to repeat it every time the same person visits your website. It is good practice to reset the Cookie so that people visiting your website do see the cookie policy reminder from time to time.
How to get the right wording for your policies
Firstly, do not copy and paste policy wording from other websites. Each business has their own specific requirements and you should ensure that your policies are suitable for your own business.
In the first instance, you should seek professional guidance to ensure that you have the right documentation for your business.
You can buy policy wording, professionally prepared by a legal team that can be used for your business for example:-
Suzanne Dibble – Free GDPR Webinar and GDPR Pack
These are just examples of legal firms who provide standard forms which can be used for your business.
You can use a provider such as Iubenda, who specialise in Privacy and Cookies Policies. Policies can be created and displayed electronically on your website. You can also add details of the 3rd party providers that your business uses to collect and stores data as part of your day to day business activities. The beauty of Iubenda is that as legislation changes, the policies are automatically updated to ensure that the wording is still compliant and up to date.
I cannot provide legal advice but I can give you advice on what you need to display on your website and where to display it. If you need any guidance, then please do get in touch.
Disclaimer: Umbrella Digital Media does not give legal advice and recommends that professional assistance is sought to obtain the suitable legal wording for your own business.
Reference Sources
The Information Commissioner’s Office
ICO Preparing for GDPR: 12 Steps to Take Now PDF Download Guide
