GDPR and Making your website compliant

GDPR WEBSITE COMPLIANCE

As you may be aware, the new GDPR legislation is due to come into effect on the 25th of May 2018.

In order to help you become compliant we have implemented a series of updates on all sites hosted on our eOS Platform.

Find out more about GDPR and what you need to do in this article.


The General Data Protection Regulation (GDPR) imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU). This also includes those that collect and analyze data tied to EU residents. The GDPR applies no matter where you are located.

In order to help you become compliant we have implemented a series of updates on all sites hosted on our eOS Platform and detailed a number of steps that you should take in order to ensure you are fully compliant.

The following is not legal advice, but is our understanding of what you should do to become GDPR Compliant.


Things that you should do:

1) Update the Privacy Policy on your website to:

     a) Explicitly state what you use any stored user information for.

     b) Explain the process by which a user can request all information that you hold on them.

     c) Explain the process by which a user can request that their details be deleted in full from your website, mailing lists, etc.

Please see here for instructions on how to update your Privacy Policy if you are unsure.

To view an example of the required content for your privacy policy and how it can be laid out, please click here.


2) Ensure that all forms on your website, including registration and contact forms, provide a link to view your Terms & Conditions and a tick box to accept them. This must be clearly laid out and must NOT be prefilled or pre-checked; a submission with the box left unticked must be treated as no consent given.

To learn how to update the forms on your website for GDPR Compliance, please click here.


3) Contact all of your customers before the 25th of May to request their consent for you to keep their details on record and to be able to contact them for defined purposes.

To help you do this with your website customers, we have built a custom CRM database to manage GDPR-related data. This will allow you to download a full list of all of the customer accounts on your website. Each entry holds the data you currently store on that customer along with a link you can send them, allowing them to come to your website, confirm that they accept your Privacy Policy, and give consent (or choose not to) for you to store and use this data accordingly.

To learn how to download your data from your new CRM, please click here.


4) Store all personal data in a secure manner.

5) Appoint a data protection officer (this cannot be your IT Manager).

6) Store only data that you have a valid business reason to keep.

7) Define who has access to what data and how it is secured.


Things that you should NOT do:

1) Contact any person for business purposes who has not explicitly given you their consent to do so.

2) Pass on any person's details to a third party unless you have their explicit consent to do so.

3) Pre-tick any form of consent option, e.g. acceptance of third-party marketing.


If you want to understand the requirements and expectations in more detail, the Information Commissioner has provided an excellent set of resources for your reference. Click here to download a copy of this easy-to-follow guide.

In the meantime, you can view below the steps we have taken to meet the requirements for your websites, and what you need to do on your website to ensure compliance.


What we have done to all eOS websites

1) We have created a mini CRM within your site for recording GDPR data for any person, optionally including the customers within your site. This lets you see the consent status of your whole database in a single interface and manage it accordingly.

2) Added a 'GDPR consent to contact' tick box on the admin customer edit / information screen, together with a date field recording when that consent was granted. Once you have gained consent from a user you can complete this information in the user account area, unless it has been recorded automatically.

3) Updated the user deletion code so that it removes all data the user may have uploaded to the site, or that is stored in the site, including their order history. You will be able to delete users directly from their account when managing users in your website.

4) Added the GDPR Consent and date fields to customer data downloads.

5) Provided a GDPR Compliance link within your site admin. This gives you a link which you can include in emails to customers, allowing them to log in to your site and confirm their consent for you to hold their details.

5 a) Once they have clicked 'consent', an email will be sent to them confirming this; it will additionally contain links to request a download of their site data and to request deletion.
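The consent handling described in point 2) of the previous section and in points 2), 3) and 5) above, as an added illustration that is not the eOS platform's own code: the form handler counts only an explicitly ticked box as consent (an absent field is never read as "yes"), the consent date is recorded alongside the flag, the emailed consent link carries a single-use random token, and "forget me" erases the whole record including order history. The in-memory `CUSTOMERS` table and the link domain are placeholders.

```python
import secrets
from datetime import datetime, timezone

# Constructed in-memory stand-ins for the site's customer table and
# the outstanding consent-link tokens (assumptions, not the platform's schema).
CUSTOMERS = {}       # email -> {"consent": bool|None, "consent_date": str|None, "orders": [], "uploads": []}
CONSENT_TOKENS = {}  # token -> email

def _now():
    return datetime.now(timezone.utc).isoformat()

def register(email, form):
    """Registration form handler. The tick box is never pre-checked, so a
    missing or unticked field means 'no consent' and the submission is rejected."""
    if form.get("gdpr_consent") not in ("on", "1", "true"):
        raise ValueError("explicit consent tick required")
    CUSTOMERS[email] = {"consent": True, "consent_date": _now(), "orders": [], "uploads": []}
    return CUSTOMERS[email]

def consent_link(email):
    """Build the link emailed to an existing customer (placeholder domain)."""
    token = secrets.token_urlsafe(32)          # unguessable, single-use
    CONSENT_TOKENS[token] = email
    return f"https://example.invalid/gdpr/consent?token={token}"

def record_consent_from_link(token, accepted):
    """Customer followed the link and chose to accept or decline."""
    email = CONSENT_TOKENS.pop(token, None)    # pop: a token cannot be replayed
    if email is None or email not in CUSTOMERS:
        raise ValueError("unknown or already used token")
    rec = CUSTOMERS[email]
    rec["consent"] = accepted
    rec["consent_date"] = _now() if accepted else None
    return rec

def may_contact(email):
    """Only a recorded, positive consent permits contacting the customer."""
    rec = CUSTOMERS.get(email)
    return bool(rec and rec["consent"] is True)

def forget_me(email):
    """Erase everything held on the user, including order history and uploads,
    and invalidate any consent link still outstanding for that address."""
    removed = CUSTOMERS.pop(email, None)
    for tok in [t for t, e in CONSENT_TOKENS.items() if e == email]:
        del CONSENT_TOKENS[tok]
    return removed is not None
```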


What do you need to do to your website?

You should follow best practice guidelines and implement the following features on your website. Because the GDPR is imposed on us from outside and we expect a high volume of requests for this work, we are unable to carry out individual on-site work (beyond the code base updates described above) as part of our standard support package. With this in mind we have created step-by-step guides that will allow you to make these updates in your admin area.

To read the full guide and make your website GDPR Compliant, please click here.


The key steps outlined in the guide are:

1) Update your Privacy Policy as detailed above.

2) Update your registration, contact and website forms to include a tick box stating that the customer agrees to their data being collected.

3) Utilise the user management GDPR features that we have integrated into your website to manage and maintain your customer database. This includes monitoring the data in your new CRM so that you can email your customers their unique user account PPA and Forget Me links, giving them the option to give consent or to be deleted from your records.


Get Started

All global updates will be rolled out to every eOS website with the GDPR tools ready for your use.

You will be able to make the required updates by following our tutorials. We recommend setting aside an hour to read the tutorials and implement the required changes once you have written your new privacy policy.

Learn how to make changes to your website for GDPR Compliance


If you would like a member of the team to implement all or a selection of the manual changes and updates for you, we can offer this service also.

Request updates for your website for GDPR Compliance