A little while ago, we looked at how 3 in 10 marketing professionals admitted feeling ‘unprepared’ for the introduction of GDPR – the General Data Protection Regulation, which comes into effect in May 2018.
The deadline for organisations of all kinds and sizes to become GDPR compliant is edging closer, leaving very little time for companies to get their houses in order.
One of the main areas in which changes may be needed is your website. This is the central online hub for your business, and potentially where the most exchanges and processing of data take place (particularly for online retailers).
To help organisations make improvements ready for the advent of GDPR, here are some practical tips for improving data practices on your website:
- Pre-ticked opt-in subscriber forms. With GDPR on the horizon, it is a very bad idea to have opt-in boxes on subscriber forms already ticked when the page loads. This can be considered an attempt to ‘trick’ users into opting in, when they need to make a clear decision for themselves.
- Separating opt-in from acceptance of terms and conditions. Organisations need to unbundle and separate opt-in for subscriber and marketing lists from other things such as terms and conditions, where a user is obliged to agree in order to make a purchase.
- Who has access to the data collected through your website? It’s a good idea to compile a list of all parties who have access to the data that is collected through or stored on the content management system of your website. Do all of these parties need the access they currently have? If not, measures should be implemented to control access.
- What do you do with customer data? As explained by Tech Donut, a key part of GDPR legislation is clear, explicit consent from customers in collecting and using their personal data. Users must clearly understand and accept how you will be using the data they provide. For example, if a customer supplies their email address in order to complete an order and receive delivery information, this does not necessarily mean that they are giving permission for you to send marketing emails unless they have explicitly agreed to it.
- Encrypting data. Of crucial importance when GDPR comes into effect will be how safe data is when it is submitted to your website. It is your responsibility to protect users’ personal and confidential information from hijacking or theft, and you can do this through data encryption. Your site can be fitted with an SSL certificate, which encrypts data in transit between the visitor’s browser and your site and is also good for your credibility as a trusted, safe site in the eyes of customers.
Lastly, if you are a larger organisation, you may need to appoint a data protection officer to oversee the above and other measures to become GDPR compliant.
For more help getting your website ready for GDPR, or to improve the safety and security of your site overall, get in touch with the cybersecurity experts here at Ambos Digital.