11 Apr How to make your website GDPR compliant
With GDPR (General Data Protection Regulation) the hot topic in the business world, we’ve been working hard to study the regulations and work out EXACTLY what you need for your website to be GDPR compliant.
Let’s face it, your website is your shop window for your business. It’s where everyone looks at you and it’s the centre of your marketing activity. You drum up your traffic and lead it to your website which is all set up to convert your visitor into an enquiry – brilliant huh?
Well, with the advent of the new GDPR legislation in May 2018 your website IS going to be affected, and whilst the 20 million Euro fines are aimed at the big corporates, the fines available to hand out to small businesses are big enough to worry about (10,000 to 50,000 Euros).
The point is, you HAVE to be seen to be compliant. If you aren’t, you are at best facing the risk of being reported by spiteful competitors or unsatisfied customers. That’s all it takes for a report to be filed, and you have months of work, worry and potential costs ahead of you.
So, what DO you need to do?
The regulation states that you must have documentation on your website that includes the following:
- User Content agreement (for sites that allow users to upload content directly)
Don’t be fooled into thinking that creating these documents is a quick and painless process though.
Each document is both comprehensive and detailed, and this is deliberate to comply with GDPR’s ‘clarity’ objectives; however this does make the process bulky and long-winded. We’d allow a few days to answer all the relevant questions, research and document what’s needed in an easily digestible format. You don’t have to be a trained solicitor to do this, but it does all take time. Once you have all the information required, you could take it to a solicitor who is likely to charge you in the region of £190 per hour and spend a full day working with you to complete the documentation (£1600).
For example, some of the research for this includes working out which cookies are active and present on your website, what they do, whether they are persistent or session-based, essential or non-essential; and then going on to document each.
Furthermore, this documentation needs to be very visible on your website; easy to find and to navigate to. You might expect that installing this documentation on your website would be a simple ‘upload’ or a plugin to set up. Unfortunately this isn’t the case. The GDPR specifically states that you need to use a ‘layered’, ‘easily digestible’ approach to helping non-technical users navigate around the documents.
We’ve all been confronted with what feels like thousands of lines of size 6 font text that we have absolutely no intention of reading; ever. GDPR is making it ‘significant’ to ensure that visitors to your site could actually read and digest this content.
To do this properly you will need to:
- Create the relevant pages on your website.
- Add links to the footer of your site so they are consistently shown on all pages and posts and are therefore constantly ‘accessible’.
- Add internal page links from a table of contents within the documentation to help visitors navigate to specific sections easily.
- Add accordions throughout the documentation to help ‘layer’ the information and declutter the page.
- Update all contact forms to include specific, granular consent that allows your customers to opt-in to the specific type of updates that they want to receive. For example, a newsletter is a different type of content from a ‘special offer’, so they need to opt-in separately.
For information on how Media Identity can help make your website GDPR compliant click here.