On May 25th the GDPR comes into force across all EU member states, bringing the biggest changes to data protection laws in a generation. This is going to affect all businesses, particularly those involved in eCommerce and digital marketing. If you’ve not yet reviewed your website or email policies, time is running out. With this in mind, we have compiled a GDPR guide of must-dos to ensure clients understand the steps they need to take ahead of the new regulations.
Our experts can advise you and recommend necessary amendments to your website, security and digital marketing in accordance with GDPR directives. We can review your online presence and carry out essential alterations in advance of the GDPR deadline.
The new regulations are far-reaching and extend to every aspect of your digital presence, data collection and online strategy. If the answer to any of the following questions is ‘No’, you should contact us in respect of the GDPR and amendments you need to make to your website or online marketing.
Strict criteria for opt-ins are stipulated in the GDPR. Users MUST have an explicit choice in how they are contacted and what they are contacted about. Most current practices won’t meet the new requirements. If you rely on Consent as your Lawful Basis for handling individuals’ data, this must satisfy the new opt-in requirements under the GDPR. If not, you will have to re-obtain opt-ins ahead of the May 25th deadline.
Privacy Notices are a key component of the GDPR and must include clearly stated requirements. Layout, design and formatting are also important: Privacy Notices must be accessible, engaging and easily navigable.
You are required to clean up your email lists and MOST IMPORTANTLY, update the ‘Lawful Processing Rights’ for every customer.
More often than not, cookie acceptance notices are standardised and generic. Under GDPR this will no longer be compliant, as it only suggests implied consent rather than demanding a positive, freely given action. Websites will need to gain active opt-in for cookies and ensure privacy notices provide details of cookies used and for what purpose. Consent will need to be an affirmative action, not a preconditioned acceptance of visiting a website.
Websites (indeed, all data collection and storage mechanisms) must review and demonstrate secure and robust data capture and storage. This should involve techniques like encryption, anonymisation and access control. Systems and software packages should be included in Privacy Notices, as should backup procedures.
The GDPR emphasises the importance of data quality and ‘minimisation’.
Our software licenses were purchased with this in mind to support the data quality of our clients.
This includes any additional organisation or individual handling, using or acting on data on behalf of a website. This could be anything from payment mechanisms and delivery companies through to analytics or data validation services. Third parties are classified as ‘Processors’ under the GDPR, and for each one, contracts, security and Privacy Notices need reviewing, both for GDPR compliance and responsibility mitigation.
We appreciate this change can be a little daunting; however, our team is here to advise you and recommend the essential alterations needed to ensure your compliance. Please feel free to give us a call on 01743 360000 or send an email to firstname.lastname@example.org