GDPR: Website Compliance
First things first, GDPR stands for 'General Data Protection Regulation'. You need to take measures to ensure you are compliant before it applies on 25 May 2018. If you are already compliant with the existing Data Protection Act (DPA), you are already most of the way to being compliant with GDPR.
We want to keep things as simple as possible for our clients, so here are the key things you need to be aware of, and to check on your own website, when it comes to personal data.
Any checkbox or toggle used to opt in to a mailing list (or to any other processing) must default to unchecked/off, and the visitor must actively select it to opt in. A pre-ticked box does not count as consent under GDPR.
You may only use a mailing list for the specific purpose that customers signed up for. For example, you cannot use a newsletter mailing list to send an advert about product sales without first asking the customer directly whether they would like to hear about products and promotions.
If you already have a newsletter mailing list, as many of our clients do, you can arrange to send an email to that list linking to a form that asks whether they would like to sign up to your new product promotions mailing list. Keep a record of who said yes, and when.
If you are unsure, read the new rules on lawful processing and consent for yourself rather than assuming your existing lists are covered.
Double opt-in is a simple concept. If you have double opt-in turned on and a customer is added to a mailing list, they must then receive an email asking them to click a link and confirm the subscription.
With double opt-in enabled, your customers are asked to confirm their subscription before they receive any further automated mail, and nothing is sent to the address until that confirmation arrives. This prevents one party signing someone else up to online mailing lists, so that the victim is sent hundreds of emails without their consent. It also gives you proof that the address really belongs to the person who consented.
Although double opt-in is not an explicit requirement of GDPR, we highly recommend having it set up.
The same rule about unticked, actively selected checkboxes also applies to accepting Terms & Conditions on e-commerce websites.
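As an added example, not code from the original page or from our own products, the following Python sketch shows how the flow above can be implemented on a website backend: the form's checkbox defaults to unticked, so an un-ticked submission stores nothing; ticking it only creates a pending entry and sends a confirmation email carrying a random single-use token; consent is recorded only when that token is presented, and it is recorded per purpose, so a newsletter consent does not cover promotional mail. The confirmation URL, the email-sending callback, the field names and the 48-hour token lifetime are assumptions made for the example; the addresses are constructed sample data.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass

# Assumed lifetime of a confirmation link (not specified by the page).
TOKEN_TTL_SECONDS = 48 * 3600
# Assumed confirmation endpoint; a real site would use its own domain.
CONFIRM_URL = "https://www.example.invalid/confirm"


@dataclass(frozen=True)
class ConsentRecord:
    """What a controller must be able to demonstrate: who consented, to what, from where, when."""
    email: str
    purpose: str        # e.g. "newsletter" or "promotions"; one record per purpose
    source: str         # the form the opt-in came from (assumed field)
    confirmed_at: float


class SubscriptionService:
    def __init__(self, send_email, now=time.time):
        self._send_email = send_email   # callable(to, subject, body); injected so the example runs offline
        self._now = now                 # injectable clock, so expiry can be tested
        self._pending = {}              # sha256(token) -> (email, purpose, source, issued_at)
        self._consents = []             # confirmed ConsentRecord objects

    @staticmethod
    def _key(token):
        # Store only a hash of the token: a leaked pending table cannot be used
        # to confirm a subscription on someone else's behalf.
        return hashlib.sha256(token.encode()).hexdigest()

    def request_subscription(self, email, purpose, opted_in, source):
        """Step 1: the checkbox defaults to unticked. opted_in=False means the
        visitor never ticked it, so nothing is stored and no mail is sent."""
        if not opted_in:
            return None
        token = secrets.token_urlsafe(32)   # 256-bit unguessable, single-use token
        self._pending[self._key(token)] = (email, purpose, source, self._now())
        body = (f"Click to confirm your '{purpose}' subscription: "
                f"{CONFIRM_URL}?token={token}")
        self._send_email(email, f"Please confirm your {purpose} subscription", body)
        return token    # returned only so a caller can simulate the click

    def confirm(self, token):
        """Step 2: the link in the email is clicked. Consent is recorded only now."""
        entry = self._pending.pop(self._key(token), None)   # pop => single use
        if entry is None:
            return None
        email, purpose, source, issued_at = entry
        if self._now() - issued_at > TOKEN_TTL_SECONDS:
            return None   # stale link: the visitor must start again
        record = ConsentRecord(email, purpose, source, self._now())
        self._consents.append(record)
        return record

    def may_send(self, email, purpose):
        """Purpose limitation: only confirmed consent for exactly this purpose allows a send."""
        return any(c.email == email and c.purpose == purpose for c in self._consents)

    def consents_for(self, email):
        """The audit trail a controller shows when asked to demonstrate compliance."""
        return [c for c in self._consents if c.email == email]


if __name__ == "__main__":
    outbox = []
    svc = SubscriptionService(lambda to, subject, body: outbox.append((to, subject, body)))
    # Constructed sample visitor who ticked the box on the footer form.
    tok = svc.request_subscription("alice@example.invalid", "newsletter", True, "footer-form")
    print("confirmation mail:", outbox[-1][2])
    print("newsletter allowed before click:", svc.may_send("alice@example.invalid", "newsletter"))
    svc.confirm(tok)
    print("newsletter allowed after click:", svc.may_send("alice@example.invalid", "newsletter"))
    print("promotions allowed:", svc.may_send("alice@example.invalid", "promotions"))
```

The two checks worth copying into a real system are the ones that are easy to skip: the token is looked up by its hash and removed on first use, so an old link or a leaked database row cannot confirm anyone, and `may_send` is keyed on purpose, which is what stops a newsletter list quietly becoming a promotions list.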
Responsibility & Accountability
It is the responsibility and liability of the data controller to implement effective measures and to be able to demonstrate that processing activities are compliant, even when the processing is carried out by a data processor on the controller's behalf.
You, the website/business owner, are the data controller and need to be aware of this: outsourcing your mailing list or hosting does not outsource the accountability.
Failure to comply may result in administrative fines of up to 20 million euros or 4% of total worldwide annual turnover, whichever is higher; see Article 83(5) of the GDPR for details.
We are currently setting up a GDPR Website Audit service for our clients, get in touch with us to enquire about this. We will release more details to our clients via email shortly.