Is Your Website GDPR Compliant?
GDPR has been around now since 2018, yet it is still a hot topic for website owners who risk massive fines for not being GDPR compliant in handling their customer’s and website visitors’ data. Much of the GDPR is the same as the UK’s predecessor, the Data Protection Act; however, there are some new rules and information that you need to be aware of, so we’re providing this guide to help you make sure your website is GDPR compliant.
What Is GDPR?
GDPR stands for General Data Protection Regulation and was introduced and adopted by EU members in 2018. The UK still has this regulation in place post-Brexit. It applies to anyone who collects or processes personal data and governs how it is collected, processed and stored.
Compliance with GDRP is paramount for all website owners. The fines that can be dished out can be catastrophic, not to mention a PR disaster.
How Does GDPR Apply To My Website?
Ignorance is not a defence when it comes to GDPR and being compliant. Some small business owners have fallen foul of the regulations by not realising what data is collected on their websites. Three examples of this can be:
Website Analytics: Google Analytics is a free tool used by website owners worldwide. Did you know if you know website visitors have to opt-in to data being collected? And no data can be collected before getting their express permission?
Facebook & Instagram eCommerce: If you own an eCommerce store and sync your store with Facebook and Instagram, you could inadvertently disclose customer data without knowing. This is more an issue if you use WooCommerce and the Facebook plugin for WordPress. It automatically adds a tracking cookie to your website. If you do not have a system to allow website visitors to opt-in and out of this cookie data collection, you are breaching GDPR.
Those are just three simple ways a website can fall short of the GDPR regulations without realising it. There are many more ways besides these examples.
How Can You Make Your Website GDPR Compliant?
Every website is different and will need different systems and processes to comply with GDPR regulations. However, you need to implement a few fundamental aspects of your website to ensure that the basics are covered.
Ensure that your website has up to date policies for both Privacy and Cookies. These policies should contain how data is collected and processed and how long it is stored. It should also outline why it is collected, such as to be able to provide goods and services or just for marketing and website analytics.
Cookie policies need to outline every cookie used on your website and the why, how long and how they are stored. You also, for both policies, need to make it clear where the data is stored, as GDPR dictates that the information, unless you have prior permission, cannot be stored or transported in any format outside the EU. This includes servers and data storage for all aspects of your website. Which is a big problem for the users of Google Analytics as all data is stored in the USA.
Opt-in & Opt Out Of Data Collection
Ensuring that your website is as secure as possible and that your entire website is protected with an SSL certificate is paramount. You could still be held responsible if data being transferred between your site and the customers’ device is intercepted if you are not taking adequate steps to prevent it.
GDPR is such a complex issue for business owners that it is too big to fit into a tiny blog post. You can do many things to help ensure compliance with the regulations. For instance, here at E2E Studios, we have a self-hosted version of Matomo Analytics hosted on our private servers. It is fully GDPR compliant and replaces Google Analytics; we use it both for our own website and for clients who wish to use it for theirs.
The critical thing to remember is not to be an ostrich and burying your head in the sand. GDPR is here to stay. You need to ensure your website and business comply with it to avoid fines and bad publicity!
There are lots of resources for website owners and website designers/developers alike from websites like:
If you need any assistance in ensuring that your website is GDPR compliant or interested in discussing our in house website analytics system for your site, get in touch, and we can help you out!