What does GDPR mean for your website and e-marketing?
The new GDPR legislation is set to transform not only business systems and practices but also the digital and marketing landscape forever, and it will have a big impact on your website too.
A bold statement for a bold piece of legislation. From 25th May 2018, the way businesses handle and process data for marketing purposes, both digitally and traditionally, will need to be assessed, analysed and improved to achieve compliance and avoid unnecessary fines. Many larger organisations have begun data mapping exercises in preparation, which is the first step for GDPR compliance, according to the ICO.
You can read more on GDPR basics in our previous article: GDPR The New Data Legislation That Businesses Must Adopt.
How does this affect your website?
As the online store-front of your business, your website will be collecting personal data about its visitors. This data will come from various sources and for different reasons, as will your newsletters, e-shots and other marketing tools.
It’s important, as a business owner, that you know how your website and e-marketing habits collect data from visitors and consumers. Mapping how this data is collected, what is collected and what the information is used for by your business is an initial step to take.
According to the ICO, the UK’s Independent Authority set up to distribute information on GDPR, consent is a key component of the legislation. Business owners must take steps to develop strong “opt-in” processes for visitors rather than the softer methods used before, such as “tick this box if you do not wish your data to be shared with third parties.”
Extra Note: SSL Certificates
In order for a website to collect data safely from its visitors, it should be armed with an SSL Certificate. This is a data file that, when installed onto a server, allows a secure connection between the server and a browser. If your site has an SSL certificate, you’re partly on your way to being compliant. What you do with the data afterwards needs to be compliant also.
What can you do to prepare your website and e-marketing for GDPR?
There are further, actionable steps following data mapping that you can work towards, to ensure compliance and continued brand trust:
- Improve your Privacy Notices – Information on how you intend to use the personal data of those visiting your site or contacting you via your website needs to be “concise, transparent, intelligible and easily accessible…written in clear and plain language…free of charge.” (source: ICO. Link Below).
- Put processes in place for a breach – this particularly affects businesses with a CMS within their website or databases for marketing purposes. All breaches of personal data must be reported within 72 hours or companies can face huge fines under GDPR.
- Provide “Opt-ins” rather than “Opt-outs” – whether visiting your website or filling in details to receive your newsletter, visitors and customers will need to be given clear options to opt into your marketing communications or to share their data with your website analytics: “There must be some form of clear affirmative action – or in other words, a positive opt-in – consent cannot be inferred from silence, pre-ticked boxes or inactivity,” according to the ICO (source below).
- Working on Permission – under Direct Marketing rules from the ICO, permission must be sought from individuals to send out direct marketing campaigns and where permission is given, it must be made clear how their personal details can be removed upon request. Individuals must be able to clearly see how they can “opt out” of future marketing communications.
Taking the steps now to ensure compliance for your digital marketing and website will not only save you from the possibility of a hefty fine, but it will also help you, as a business, build a more interactive and involved audience. With some clever marketing directed only to those who are already interested, GDPR could be a powerful system-changer.
Contact Us for help with ensuring your website and e-marketing methods are GDPR compliant.
Key Areas, ICO website: ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/key-areas-to-consider/
Direct Marketing & GDPR: https://ico.org.uk/for-organisations/marketing/