How does GDPR affect your website?
The Data Protection Act controls how your personal information is used by organisations, businesses or the government. Everyone responsible for using data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
• used fairly and lawfully
• used for limited, specifically stated purposes
• used in a way that is adequate, relevant and not excessive
• accurate
• kept for no longer than is absolutely necessary
• handled according to people’s data protection rights
• kept safe and secure
• not transferred outside the European Economic Area without adequate protection
How does this affect your website in a nutshell? No doubt you have an online form for potential clients to get in touch, and this will fire you an email or write to an email marketing database. However, provable consent must be explicitly given before you can process their data, and the data can only be used for the purposes for which it was given. For instance, if somebody is enquiring about your services, that does not give you permission to arbitrarily add them to your email database. For this, you will need to inform them at the point of enquiry.
What about Google, Mailchimp, Salesforce etc? These are third-party data processors and they are controlling data on your behalf. Most are in the process of becoming GDPR compliant, and if they are not, you should seek an alternative supplier. Check their privacy policies and make sure they are GDPR compliant.
So what action should I take? Certainly, your privacy policy will need to be updated. There is no one-size-fits-all policy, because everybody uses data differently. Be clear and concise, and explain how people can request a copy of any data you hold on their behalf and how this can be deleted. To be completely transparent, it’s also worth adding a handy copy of your privacy policy next to any online forms. If in doubt, seek out a GDPR audit for ‘peace of mind’.