GDPR is bounding towards you, like some angry, data-based leopard. If you trade online and you haven’t already checked that you’re compliant, then you’re at risk of being fined. What do you need to do?
1. Active opt-in forms
Got forms that invite people to subscribe to stuff? Contact preferences must default to ‘no’ or blank. Or you will be turned into a pillar of salt.
2. Separate consent
Asking for consent? You need separate consent for accepting terms and conditions and other data usage.
3. Easy opt-out
You’ll need to make it so simple to remove consent that Peppa Pig could handle it. And make users aware they can withdraw consent at any time.
4. Named parties
Web forms must clearly identify each party that’s being given consent. You’ll need to name third-party organisations.
5. Sample privacy notice
Helpfully, the Information Commissioner’s Office (ICO) offers a sample privacy notice that you can shamelessly nick for your website.
But it doesn’t stop there. Nope. You’ll need to update your Ts and Cs to reference GDPR terminology. You’ll want to make it clear what you’ll do with data once you’ve received it, and how long you’ll keep it on your website and on your office systems.
You’ll also need to state how and why you’re collecting data and name the apps that you use.
6. Online payments
In e-commerce? Your website might be amassing personal data before it reaches the payment gateway. You’ll need to adjust your site so that this data is removed after a reasonable period. A couple of months should be fine.
7. Third-party tracking
Does your site use third-party marketing-automation software to track leads? These apps might be tracking users in ways for which they haven’t given consent. That could mean tracking browsing behaviour when users return to your site or look at specific pages. So far, developers of these apps insist they’re GDPR-compliant.
Got any more questions? Drop us a line here at e:command and we’ll make sure we confuse you even more.