GDPR Compliance after it has been unpacked

I have sourced a lot of information out there and have put together my own version of all of it, and will expand on this as I learn more, but in the meantime I have also referenced some very useful articles that clearly explained compliance to me.

You may be wondering how on earth you can become GDPR compliant, or whether it really even matters. The more you research, the more you will find it is in your own interests to get on board this ship.

New European Laws that Affect your Website coming into effect on 25th May 2018 – a very important read

These new European laws come into effect on 25th May 2018. The General Data Protection Regulation (GDPR) relates to your privacy policy and affects any website that stores data about people in the EU, whether or not your business is located there: the regulation protects data subjects who are in the EU regardless of their citizenship, and it reaches businesses outside the EU that offer goods or services to those people or monitor their behaviour. This is a complicated new law which affects most businesses online. I have sourced many articles, but here are some of the clearest and simplest to understand.

GDPR Explainer
General Data Protection Regulation
How to Manage Optin Emails and Signups

GDPR Compliance South Africa

The Good News (No more spam! No more fake marketing! Social media platforms can no longer store and use your data without a lawful basis such as your explicit consent!)

It is unclear how strictly these new laws will be policed in practice, but enforcement falls to each EU member state's data protection authority, with fines of up to EUR 20 million or 4% of annual worldwide turnover, whichever is higher. The aim is to protect people from corporations taking their information and using it to spam them, and the rules apply right down to the smallest business. You no longer have permission to market to your clients without a lawful basis (for marketing emails this usually means their consent), and you may not collect their data, even through Google Analytics, without informing them.

The First Steps to Compliance

1. Create/Update your Privacy Policy
Update or create a privacy policy on your website which clearly communicates what information you store about your clients. Most sites quietly collect visitor data through Google Analytics; this is not truly anonymous, because cookie identifiers and IP addresses count as personal data under GDPR. If you have an email opt-in you are collecting data and storing it. Most importantly, if you have an e-commerce store you are collecting data, even though a third-party payment gateway collects and stores the credit card details. Any user that signs up to your website is giving you their data. (The third-party payment gateways will have their own privacy policy and compliance in place, but your policy still needs to say which gateway you use and what you pass to it.)

2. Terms of Service
There are many useful sites that assist with creating terms of service that comply with GDPR. Link to your terms from every page of your site (the footer is the usual place) and state them clearly.

3. Re-Permissioning your Subscribers
If you are sending out a newsletter, be sure that every subscriber has actively opted in through a proper third-party mailing service that records when and how consent was given. If you are mailing subscribers who have opted out, you are in breach. If your existing consent records do not meet the GDPR standard (freely given, specific, informed, unambiguous, and documented), you need to get your subscribers' permission AGAIN for storing their data, sending them information, marketing to them and so much more!

4. Convert your site to SSL
This is a key factor in compliance, ESPECIALLY if you have an online shop: GDPR requires appropriate technical measures to secure personal data, and encrypting data in transit is the most basic of these. (The certificate is still commonly called an SSL certificate, although the protocol browsers actually use today is TLS.) All clients of The First Step have access to an SSL certificate through Hetzner, but the WordPress platform will require some additional plugins and tweaks to configure this: forcing a redirect from http to https, updating the WordPress Site Address so every page and resource is served over https, and fixing any hard-coded http:// links that would otherwise trigger mixed-content warnings, as well as updating your sitemaps and URLs in Google Analytics and Google Search Console. This means your website address will show a GREEN PADLOCK next to the address bar and your protocol will be https rather than http. This encrypts the pages served by your website so that data exchanged with it (logins, form submissions, checkout details) cannot be read or altered in transit, which in turn further protects the privacy of your clients and users.
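The three things that most often go wrong after a WordPress site is switched to https are: the http version still answers without redirecting, pages still pull stylesheets, scripts, images or forms from http:// addresses (mixed content, which costs you the padlock), and no Strict-Transport-Security header is sent. The script below is an added example written for this article, not code from The First Step or from any WordPress plugin; it checks those three things against constructed sample data (the example.com URLs, headers and HTML are made up for illustration) and the same functions can be fed the output of a live fetch.

```python
"""Post-migration HTTPS checks for a site that has just moved from http:// to https://.

Checks performed (all on data passed in, so the script runs offline):
  1. does the http:// response redirect to an https:// Location?
  2. does the page embed sub-resources over http:// (mixed content)?
  3. is Strict-Transport-Security (HSTS) sent with a sensible max-age?
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag -> attributes that load or submit something. A plain <a href> is only
# navigation, so it is deliberately not listed: linking to http:// is not mixed content.
_SUBRESOURCE_ATTRS = {
    "script": ("src",), "iframe": ("src",), "link": ("href",), "form": ("action",),
    "object": ("data",), "embed": ("src",), "img": ("src",), "audio": ("src",),
    "video": ("src", "poster"), "source": ("src",),
}
# Browsers block "active" mixed content outright; "passive" content is usually loaded with a warning.
_ACTIVE_TAGS = {"script", "iframe", "link", "form", "object", "embed"}


class _MixedContentParser(HTMLParser):
    """Collect (kind, tag, url) for every sub-resource requested over plain http."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in _SUBRESOURCE_ATTRS.get(tag, ()) and value and urlsplit(value).scheme == "http":
                kind = "active" if tag in _ACTIVE_TAGS else "passive"
                self.findings.append((kind, tag, value))


def find_mixed_content(html):
    """Return a list of (kind, tag, url) for http:// sub-resources found in the HTML."""
    parser = _MixedContentParser()
    parser.feed(html)
    return parser.findings


def _header(headers, name):
    return {k.lower(): v for k, v in headers.items()}.get(name.lower(), "")


def check_http_redirect(status, headers):
    """True if the http:// response is a redirect whose Location is an https:// URL."""
    return status in (301, 302, 307, 308) and urlsplit(_header(headers, "Location")).scheme == "https"


def check_hsts(headers, min_age=31536000):
    """True if Strict-Transport-Security is present with max-age >= min_age (default one year)."""
    match = re.search(r"max-age=(\d+)", _header(headers, "Strict-Transport-Security"))
    return bool(match) and int(match.group(1)) >= min_age


def audit(html, http_status, http_headers, https_headers):
    """Combine the three checks into one report."""
    return {
        "redirects_to_https": check_http_redirect(http_status, http_headers),
        "hsts_ok": check_hsts(https_headers),
        "mixed_content": find_mixed_content(html),
    }


# Constructed sample data for illustration: a typical half-migrated WordPress page.
SAMPLE_HTML = """<!doctype html><html><head>
<link rel="stylesheet" href="http://example.com/wp-content/themes/demo/style.css">
<script src="https://example.com/wp-includes/js/jquery.js"></script>
</head><body>
<img src="http://example.com/wp-content/uploads/logo.png">
<a href="http://partner.example/">partner site</a>
<form action="http://example.com/newsletter" method="post"><input name="email"></form>
</body></html>"""
SAMPLE_HTTP_RESPONSE = (301, {"Location": "https://example.com/"})   # redirect is in place
SAMPLE_HTTPS_HEADERS = {"Strict-Transport-Security": "max-age=300"}   # HSTS present but far too short

if __name__ == "__main__":
    report = audit(SAMPLE_HTML, *SAMPLE_HTTP_RESPONSE, SAMPLE_HTTPS_HEADERS)
    print("http -> https redirect:", report["redirects_to_https"])
    print("HSTS ok:", report["hsts_ok"])
    for kind, tag, url in report["mixed_content"]:
        print(f"mixed content ({kind}) in <{tag}>: {url}")
```

On the sample page the stylesheet, the image and the newsletter form are reported, while the https script and the plain partner link are not. The usual fix for the mixed-content findings on WordPress is to rewrite the hard-coded http:// URLs stored in the database (for instance with WP-CLI's `wp search-replace` command, taking a backup first), then re-run the check against the live page.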

The First Step is offering several services to assist you with this transition. This in no way covers every aspect, and I am still working to understand all the steps required to be fully compliant.

The GDPR requires appointing a Data Protection Officer (a compliance officer for personal data) only in specific cases, such as public authorities or businesses whose core activities involve large-scale monitoring of individuals or large-scale processing of special categories of data. I would imagine that is costly and not necessary for a small business.

Please note that only the basics of compliance are covered in this information. If your site is served to people in the EU (and the regulation protects anyone located in the EU, regardless of citizenship), then please take this seriously and do further homework on the subject of GDPR compliance. In most cases some of your visitors will be in the EU, and Google Analytics is collecting your website traffic data about them, which in turn means you need to comply.

The First Step will assist with several steps, the most important of which are outlined below.

How do I make my website GDPR Compliant?

The First Step offers a number of key services to facilitate this transition.

Please fill out this GDPR Request Services form and request which services you require: