
Is my website GDPR compliant?

Many of our clients ask us, "Is my website GDPR compliant?"

There are a number of things that you may need to consider when looking to make your company website GDPR compliant. To help, we have pulled together the most common questions and answers relating to GDPR and how, in practical terms, your website can become compliant.

QUESTION: What compliance documentation do I need to include on my website?

ANSWER: The ICO states “Being transparent and providing accessible information to individuals about how you will use their personal data is a key element of the Data Protection Act 1998 (DPA) and the EU General Data Protection Regulation (GDPR). The most common way to provide this information is in a privacy notice.”

A privacy notice describes how you collect, use, store and disclose a person’s personal information. This can include a section on the use of cookies, if you do not already have a separate cookie policy or information page.

QUESTION: We track visitors using Google Analytics. Is this acceptable from a GDPR perspective?

ANSWER: Google Analytics is used to track users so you know more about which pages, products, and services your potential customers are looking at. At present, we believe the use of Google Analytics is in line with the rules of GDPR.

QUESTION: Do we need to change the contact forms on our site to be GDPR compliant?

ANSWER: If your site has a contact form, or any other form that requests personal data, you should ideally ask the person who is filling in your form to explicitly agree to the following:

  • Any Terms and Conditions and Privacy Statements
  • The use of their details for marketing purposes directly by yourself
  • The use of their details being sold, shared with or given away to any third parties
  • The methods of contact they opt into (e.g. email, phone, post)

If your site stores the contact forms on the website and this is not a feature you are using, it is advisable to remove it. Alternatively, it is fine to keep this feature as long as you actively monitor the information stored, and update and remove any relevant information as required.

QUESTION: My site has a private client portal with a login. Are there any special considerations I need to understand in relation to GDPR?

ANSWER: If your site has a client portal, or private access for your employees, then there are additional steps you may be required to take. These may be very specific to your site and will therefore require a conversation with us at LightMedia.

NEXT STEPS

If you do not wish to update your website yourself, LightMedia can help you become compliant by making the changes for you. All we need are your Privacy Notice and Terms & Conditions. Please contact us for a no-obligation quotation.

Please remember, if you have an active LightMedia Maintenance Support Contract, we can do the work under the agreement using the allocated support hours, which means no additional charges. If you don’t have a Support Contract, please click here for further information.