Get your website ready for GDPR

The countdown for GDPR enforcement is on, with mere days before the Regulation comes into effect and a whopping €20 million (or 4% of global revenue) fine awaiting any business that infringes it. There’s a lot that can go wrong under GDPR, from not getting consent to failing to secure data. One major weak spot could be your website. So here are some ways to get your website GDPR compliant.

Patch your security

First, if you’re using WordPress or other open source software, then you must always keep track of any security vulnerabilities and patch them immediately. Always keep on top of your website maintenance.

If you’re using cookies, then you must inform visitors straight away. You also need to include your use of cookies in your Privacy Policy.

Make sure your website has a security certificate. Your website’s URL will start with ‘https’ if it does. Having a security certificate means that your customers’ contact details and/or payment information are encrypted in transit between their browser and your site.

It’s worth adding extra encryption to your website (like specific IDs for customers) to further secure your site and protect it from hackers. Any breach will need to be reported within 72 hours to the Information Commissioner’s Office (ICO) under GDPR and could be subject to those massive fines.

Explain use of personal data

People are going to have to opt in to any mailing lists under GDPR. Automatic subscriptions on your website will infringe GDPR, so it’s best to remove those now. You should also make it clearer what people are opting into, from marketing to sales follow-ups.

All details collected will have to be justified. If you only intend to use personal data for email marketing, then collecting phone numbers is not justified. There needs to be greater transparency over what details will be used for.

Update your Privacy Policy

Your Privacy Policy should also be updated. It needs to clearly inform data subjects how long their data will be stored for and who they should contact with queries about their data or to have it deleted or transferred. It will also need to include how the data will be used (with marketing explicitly separate from all other data use).

Sort out your data management

You’ll need to arrange a way to remove someone’s data easily if requested, or to move it to another company if they ask for it to be. Because of this, investing in a good data management system will be worth it in the long run. Similarly, you should identify all stores of data, not just from your website but also your financial, HR and marketing data.

Time is fast running out to get ready for GDPR and your business’ biggest vulnerability is likely to be your website. It’s the first port of call for many customers – and hackers. Make sure security is watertight around it, for your peace of mind, and your customers’.
