Who must comply with the GDPR?
Any organization that processes the personal data of people in the EU must comply with the GDPR. “Processing” is a broad term that covers just about anything you can do with data: collection, storage, transmission, analysis, etc. “Personal data” is any information that relates to a person, such as names, email addresses, IP addresses, eye color, political affiliation, and so on. Even if an organization is not connected to the EU itself, if it processes the personal data of people in the EU (via tracking on its website, for instance), it must comply. The GDPR is also not limited to for-profit companies.
Ensure your site is GDPR compliant.
The General Data Protection Regulation (GDPR) comes into effect on 25th May 2018. Whilst many are considering this the “doomsday” of marketing, it is in fact a straightforward process provided that you understand how to make your website GDPR compliant.
The motive behind the EU regulation is to protect consumers and customers against the rising number of data breaches, which are costing the UK economy billions of pounds a year. Several large firms have fallen victim to breaches, including eBay, LinkedIn, Bupa and Zomato.
The two key factors of the GDPR regulation are simple: keep customer data secure and make marketing communications as clear as possible. Failing to uphold these standards may result in a hefty fine; the maximum has been raised from 500,000 euros to 20 million euros or 4% of annual turnover. Below we explain how to incorporate these themes and make your website GDPR compliant.
Online Contact Forms
To make your contact form GDPR compliant, it can help if you justify why you are asking for any details. For instance, when the user is adding their phone number or email address, it helps for information to pop up saying “This is how we will contact you” or similar.
One compulsory addition to your contact form is a tick box for users to confirm that they accept the terms of using your website and how they agree to be contacted.
A further tick box must be added if you wish to send marketing communications to the customer. This tick box must be unticked by default, and you will need a separate box for each type of communication, whether it is email, text message or post.
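As an added example (not code from the original article), the following Node.js snippet shows how the contact-form rules above can be enforced on the server rather than trusted to the browser: the terms tick box is compulsory, each marketing channel has its own opt-in, an absent or unticked box never counts as consent, and a consent record with a timestamp is kept so that consent can later be evidenced. The field names (`acceptTerms`, `optIn_email`, `optIn_sms`, `optIn_post`, `termsVersion`) and the `findPreTickedBoxes` audit helper are assumptions made for this example.

```javascript
// Added example: server-side validation of a GDPR-style contact-form submission.
// Field names below are assumed for illustration, not taken from the article.

const MARKETING_CHANNELS = ["email", "sms", "post"];

// A browser only submits a checkbox field when it is ticked (value "on" by
// default). An absent field therefore means "not ticked"; anything other than an
// explicit positive value is treated as no consent.
function isTicked(value) {
  return value === "on" || value === true || value === "true" || value === "1";
}

// Validates one submitted form (a plain object of field -> value) and returns
// either a list of errors or a consent record ready to be stored.
function validateConsentSubmission(form, now = new Date()) {
  const errors = [];

  if (!isTicked(form.acceptTerms)) {
    errors.push("You must accept the terms of use to send this form.");
  }

  // Consent is granular: one decision per channel, defaulting to false.
  const marketing = {};
  for (const channel of MARKETING_CHANNELS) {
    marketing[channel] = isTicked(form["optIn_" + channel]);
  }

  // A blanket "opt in to everything" box is rejected: the article requires a
  // specific box for each type of communication.
  if (isTicked(form.optInAll)) {
    errors.push("Blanket marketing opt-in is not accepted; tick each channel separately.");
  }

  if (errors.length > 0) {
    return { ok: false, errors };
  }

  return {
    ok: true,
    record: {
      timestamp: now.toISOString(),
      termsAccepted: true,
      marketing,
      // Record which wording the user saw, so the consent can be evidenced later.
      termsVersion: typeof form.termsVersion === "string" ? form.termsVersion : "unknown",
    },
  };
}

// Renders a consent checkbox that is always unticked: no "checked" attribute.
function renderConsentCheckbox(name, label) {
  return `<label><input type="checkbox" name="${name}"> ${label}</label>`;
}

// Audit helper: scans rendered form HTML for checkboxes that are pre-ticked,
// which would make any "consent" they collect invalid. Returns the names found.
function findPreTickedBoxes(html) {
  const found = [];
  const inputRe = /<input\b[^>]*>/gi;
  for (const tag of html.match(inputRe) || []) {
    const isCheckbox = /\btype\s*=\s*["']?checkbox["']?/i.test(tag);
    const isChecked = /\bchecked\b/i.test(tag);
    if (isCheckbox && isChecked) {
      const nameMatch = tag.match(/\bname\s*=\s*["']?([^"'\s>]+)/i);
      found.push(nameMatch ? nameMatch[1] : "(unnamed)");
    }
  }
  return found;
}

// Constructed sample submission: terms accepted, email opt-in only.
const sampleSubmission = { acceptTerms: "on", optIn_email: "on", termsVersion: "2018-05" };
console.log(JSON.stringify(validateConsentSubmission(sampleSubmission), null, 2));
```

The checks run on the server because a visitor (or a browser extension) can alter anything the page does client-side; the HTML rendering helper and the audit scan exist so that the "unticked by default" rule can be verified in a test rather than assumed.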
A key feature of the GDPR regulation is to ensure that customers and email users do not receive unsolicited emails, whether from companies they know or do not know. Prior to 25th May 2018, organisations have been encouraged to email their entire list of subscribers and ask them to opt in again to receive future email newsletters, updates and promotions.
If customers choose to ignore these emails, they will be automatically unsubscribed, which has been welcomed by many who are looking to reduce their intake of promotional emails.
Moving forward, website owners must only send email marketing material to those individuals who have officially opted in, and must make it easy for people to unsubscribe. Should they fail to do so and this is reported, they may be prosecuted by the ICO.
To emphasise the security of customer data, website owners are required to keep all data secured in an encrypted environment. By serving your website over HTTPS, you encrypt the data that customers fill in on your site while it is in transit between their browser and your server.