How to Ensure Your Website is GDPR Compliant

One of the most significant changes to online privacy took effect on 25 May 2018: the General Data Protection Regulation (GDPR). It is an EU regulation, not a directive, so it applies directly without waiting for national laws, and it reaches any business that offers goods or services to people in the EU or monitors their behaviour, even one that operates mostly in the US. It is essential that you take steps to make your site GDPR compliant to avoid fines, which can reach €20 million or 4% of your total worldwide annual turnover for the preceding financial year, whichever is higher. To keep your business and your customers protected, tackle these five tasks.

Update Your Privacy Policy

If you haven’t touched your privacy policy in a while, or copied it from someone else’s website, it is time to update it. The policy must be transparent about what personal data you collect and why, including cookies, any analytics or tracking, and any data collected by the plugins you run. It should be written for your site specifically: the categories of data you collect, the purpose and legal basis for each use, how long you keep it, who you share it with, how you protect it, and how users can exercise their rights to access, correct or erase it. Use concise, plain language that anyone can understand, not just an IT expert.

Obtain Consent to Use Cookies

The cookie rule itself comes from the ePrivacy Directive, but it borrows GDPR’s standard of consent: freely given, specific, informed and unambiguous. In practice that means any non-essential cookie (analytics, advertising, other tracking) needs the visitor’s explicit opt-in before it is set. Show a banner on the first visit that lets users accept or decline each category of cookie. There can be no default answer and no pre-ticked boxes; the user must make a choice. Cookies that are strictly necessary for the service the user asked for (a login session, a shopping basket, a CSRF token) do not need consent, but everything else must stay off the device until consent has been recorded, and the site must still work for a visitor who declines. Users must also be able to withdraw consent as easily as they gave it, so keep a cookie settings link available after the banner is gone.
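The following is an added example, not code from the original article or any particular consent product. It shows the part a banner library often gets wrong: a small consent gate that reports no default state until the visitor chooses, refuses to set a non-essential cookie before that, and deletes already-set cookies when consent is withdrawn. The category names, the cookie names in the registry, the 180-day re-ask period and the JSON record layout are all assumptions for illustration. The cookie store is injected so the same logic runs in a browser against `document.cookie` and offline against an in-memory jar.

```javascript
// Added example, not code from the original article: a consent gate that keeps
// non-essential cookies off the visitor's device until they make an explicit
// choice. Category names, cookie names and the storage layout are assumptions.

const CONSENT_COOKIE = 'cookie_consent';        // assumed name for the consent record
const CONSENT_MAX_AGE = 180 * 24 * 60 * 60;     // assumed: ask again after 180 days
const CATEGORIES = ['analytics', 'marketing'];  // 'necessary' never needs consent

// Cookie storage is injected so the same logic runs in a browser against
// document.cookie and in an offline test against an in-memory jar.
function browserCookieStore() {
  return {
    set(name, value, maxAge) {
      document.cookie =
        `${name}=${encodeURIComponent(value)}; Max-Age=${maxAge}; Path=/; SameSite=Lax; Secure`;
    },
    remove(name) {
      document.cookie = `${name}=; Max-Age=0; Path=/`;
    },
    get(name) {
      const hit = document.cookie.split('; ').find((c) => c.startsWith(name + '='));
      return hit ? decodeURIComponent(hit.slice(name.length + 1)) : null;
    },
  };
}

function memoryCookieStore() {
  const jar = new Map();
  return {
    set(name, value) { jar.set(name, value); },
    remove(name) { jar.delete(name); },
    get(name) { return jar.has(name) ? jar.get(name) : null; },
  };
}

class ConsentGate {
  // `registry` maps each non-essential cookie your site sets to its category,
  // so withdrawn consent can be enforced by deleting what is already there.
  constructor(store, registry) {
    this.store = store;
    this.registry = registry;
  }

  // No default answer: until the visitor has chosen this is null, which is
  // neither "accepted" nor "declined"; allowed() treats null as declined.
  state() {
    const raw = this.store.get(CONSENT_COOKIE);
    if (raw === null) return null;
    try { return JSON.parse(raw); } catch (e) { return null; }
  }

  // Records an explicit choice for every category. A missing or non-boolean
  // entry is rejected, so an omitted or pre-ticked category cannot slip through.
  record(choices) {
    for (const cat of CATEGORIES) {
      if (typeof choices[cat] !== 'boolean') {
        throw new Error(`explicit choice required for category "${cat}"`);
      }
    }
    const rec = { version: 1, choices, timestamp: new Date().toISOString() };
    this.store.set(CONSENT_COOKIE, JSON.stringify(rec), CONSENT_MAX_AGE);
    // Enforce the new state: remove cookies in any category now declined.
    for (const [name, cat] of Object.entries(this.registry)) {
      if (!choices[cat]) this.store.remove(name);
    }
    return rec;
  }

  // Withdrawal must be as easy as giving consent; it is simply an all-false record.
  withdraw() {
    const all = {};
    for (const cat of CATEGORIES) all[cat] = false;
    return this.record(all);
  }

  allowed(category) {
    if (category === 'necessary') return true;
    const s = this.state();
    return s !== null && s.choices[category] === true;
  }

  // Every cookie-setting path on the site goes through here, so no script can
  // set a tracking cookie before a consent record exists.
  setCookie(name, value, category, maxAge) {
    if (!this.allowed(category)) return false;
    this.store.set(name, value, maxAge);
    return true;
  }
}
```

In the browser you would create `new ConsentGate(browserCookieStore(), { stats_id: 'analytics', promo_id: 'marketing' })`, wire the banner's accept and decline buttons to `record(...)`, and point the footer's cookie settings link at `withdraw()` or a fresh `record(...)`. The record lives on the visitor's device only; for a logged-in user, also store the timestamped choice server-side so you can show it later.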

Use GDPR-Compliant Plugins

Third-party plugins, widgets and embedded scripts (analytics, social buttons, chat, ad tags) process visitor data too, and you remain responsible for them. Start by listing every plugin, what data it collects, where it sends it, and whether it sets cookies. Include that processing in your privacy policy, and hold plugins that set non-essential cookies to the same consent rules: they must not load or set cookies until the visitor opts in. Where a vendor processes personal data on your behalf, you also need a data processing agreement with them. Hopefully your chosen plugins have already adapted to GDPR; if they have not, you may need to replace them.

Streamline Forms to Limit The Data You Collect

If your site uses forms to collect data from users, collect only the fields you need for the stated purpose (data minimisation), and delete the data as soon as that purpose is fulfilled (storage limitation). This applies equally to data captured by the plugins you have installed: many form plugins keep a copy of every submission in your database by default. Look for a “do not store form data” option and enable it, so that a compromise of your site exposes less.

Filter Mailing Lists

If you run a mailing list, use double opt-in: after signing up, the user must confirm the subscription by following a link sent to their address. GDPR does not require double opt-in, but it gives you what GDPR does require, evidence that consent was given by the holder of the address, and when. If your contacts come from a purchased or third-party list, stop that process immediately: if those people did not consent to their addresses being passed to you, you have no lawful basis to email them, and you, not the seller, are the one liable.

Make sure every email includes a working unsubscribe link at the bottom, especially if some contacts may have come from outside sources, and honour requests promptly.

Stay GDPR Compliant

If you make these efforts, and in general are transparent and honest with visitors about how you use their data, you should not have a problem. If you are unsure whether your site is compliant, consult a legal expert. Remember that at the end of the day, keeping your users’ data safe is right for them and good for your business.
