How to get your website ready for GDPR

The General Data Protection Regulation (GDPR) is getting business owners in a frenzy.

What exactly do you need to include on your website and how do you ensure customers are communicated with legally and that their data is held securely?

Undoubtedly this has raised concerns, but as long as a documented process is in place and appropriate measures are taken to inform customers and keep their data safe then you should be compliant.

We recommend carrying out your own research but the following steps are a guide to keep you on the straight and narrow and make sure your website is ready for the GDPR coming into force on May 25, 2018.

 

Publicly available documents

Several key documents need to be accessible on your website to be legally compliant. Documents can easily be uploaded to the ‘media’ section of your site and displayed via a link to a PDF or you can create a new page on your website. You will need:

 

Terms of use for the website

This can vary depending on whether you operate an e-commerce site or an information site and whether you collect data or use a contact form.

Important business information to include:

  • The company name and registration number
  • The registered office address and country of registration
  • The VAT number (if applicable)
  • Contact details – telephone, email – and a means of non-electronic contact
  • Details of any trade body or regulator registration such as the Financial Services Authority (FSA)

Why not take a read of our Terms of use to see an example.

 

Terms of use for an e-commerce website

If your website is an e-commerce platform, a full explanation about the products and services offered, including delivery processes and charges, must be clearly visible. Supplier details and cancellation rights need to be freely available and you must also provide the buyer with information pertaining to the use of their data and transaction including:

  • Written (email) confirmation of their order
  • Cancellation and cooling off period
  • Steps required to complete a transaction
  • The opportunity to correct mistakes or change details before order completion
  • Details on whether a contract will be permanently filed and/or accessible by the buyer

This information is required by law and consumers must agree to your terms before completing a transaction. If this step is missed you could be liable to refunds and cancellations months later.

 

What is an SSL Certificate?

Privacy Notice for your website

Make sure you have an SSL certificate to show your website is secure. This will confirm to the search engines that you have a safe site, and visitors will see the little green padlock in their browser instead of a large ‘unsecure’, proceed-at-your-peril message.

Some of the general details in your website terms of use will intersect with a privacy notice. Essentially, what you need to confirm is how consumer data is used, stored and transferred.

It’s important to note that some data collection forms store data within website files. It is recommended to avoid this type of plugin or software so that once an order has been placed, details are only stored in a secure facility.  

 

Cookies policy

Cookies are nothing new, but many businesses still do not display their usage in accordance with the Privacy and Electronic Communications Regulations. It is a legal requirement to notify a visitor if cookies are in use to collect and store data. Whilst many companies choose to use pop-up notifications, it is perfectly acceptable to reference the use of cookies as part of your privacy policy.

 

Under fire from all sides

Cookies, privacy notices and terms of use policies are required by law. Be aware that non-compliance with the requirements can result in legal action being filed against you, not only by website users but also by the Information Commissioner’s Office and local Trading Standards offices.

Terms and conditions form a common business document that is highly recommended, although there is no definitive guidance on what is required by law. A document is still recommended and its contents will depend on your business and website type. A safe bet will be to include:

  • A copyright claim or trademark
  • A basic disclaimer to limit your liability against errors on the site
  • A condition that user-published content (if allowed) is not endorsed

The main thing to remember is to spend time conforming to website obligations because, if the worst should happen, this is where the courts will turn. And what is the worst that could happen? Non-compliance could result in a fine of a maximum 20,000,000 euros or up to 4% of your annual worldwide turnover (whichever is the greater sum). Obviously the big boys will be in the line of fire first, but we wouldn’t recommend leaving anything to chance.

 

One final thought

Your website is a visual digital entity and it’s likely that you may showcase images with people.

Individuals can be identified from images and from contextual information included as a caption or descriptive paragraph. This will be classed as personal data if the focus is on one person or a group of individuals, so it’s recommended to gain written permission to use the photographs and to explain where the images will be publicly visible and for how long.

This is a requirement for photographs with children so it should be an easy introduction for all ages.  

For images that include people in the background or large groups of people, such as a concert or football crowd, written permission is clearly unobtainable and the images are therefore reasonably acceptable to use. The person or organisation taking the photos (if the purpose is professional) should advise people through signage and/or prior notification.

Purchased stock images will have their own copyright and usage requirements so double check the small print.

 

Need help with the legal documents for GDPR?

Members of the FSB can log in to view over 200 factsheets and in excess of 500 legal documents including some GDPR essentials.

 

Eliminate uncertainty with an audit

If time has got the better of you or you’re unsure about your website’s construction let’s have a chat to see if we can help. Send an email to contact the team today.  

 
