GDPR Compliance after it has been unpacked
I have sourced a lot of information out there and have put together my own version of all of it, and will expand on this as I learn more, but in the meantime I have also referenced some very useful articles that clearly explained the compliance to me.
You may be wondering how on earth you can become GDPR compliant, or whether it really even matters. The more you research, the more you will find it is in your own interests to get on board this ship.
New European Laws that Affect your Website coming into effect 25th May 2018 – a very important read
The Good News (No more spam! No more fake marketing! Social media platforms can no longer store your data without your explicit consent or another lawful basis!)
It is unclear how these new laws will be policed, but one sure thing is that the aim is to protect people from corporations harvesting their information and using it to spam them. And it applies at every level: everyone must comply. You no longer have permission to market to your clients without their consent, or to collect their data, even through Google Analytics, without informing them.
The First Steps to Compliance
2. Terms of Service
There are many useful sites that assist with creating a terms of service in compliance with GDPR. Create a custom link on the home page of your site and clearly state your terms.
3. Re-Permissioning your subscribers
If you are sending out a newsletter, be sure that every subscriber has granted permission and subscribed through a proper third-party service. If you are mailing subscribers who have opted out, you are in breach. You need to get your subscribers' permission AGAIN for storing their data, sending them information, marketing to them and so much more!
4. Convert your site to SSL
This is a key factor in compliance, ESPECIALLY if you have an online shop. All clients of The First Step have access to an SSL certificate through Hetzner, but the WordPress platform will require some additional plugins and configuration changes, as well as updated sitemaps and URLs in Google Analytics and Google Search Console. Once this is done, your website address shows a PADLOCK in the address bar and your protocol is https, not http. TLS encrypts the traffic between your visitors' browsers and your server, so anything they submit (logins, addresses, card details on a shop) cannot be read or altered in transit, which in turn further protects the privacy of your clients and users. Note that https protects data in transit only: it does not protect data stored on the server, and it does not by itself make a site compliant.
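Two things commonly still break the padlock after a site is switched to https: pages whose stylesheets, scripts or images are still referenced over http:// (mixed content, which browsers block or flag), and a sitemap that still lists http:// addresses when it is resubmitted to Google Search Console. The following script is an added example, not part of The First Step's services or any WordPress plugin; it scans a page's HTML and a sitemap for leftover http:// references. The sample page and sitemap are constructed for the demonstration, and example.com stands in for your own domain.

```python
"""Offline checks to run after moving a WordPress site to HTTPS.

find_mixed_content()          -> sub-resources a page still loads over http://
find_insecure_sitemap_urls()  -> sitemap <loc> entries that still use http://
"""
from html.parser import HTMLParser
import xml.etree.ElementTree as ET

# Tags and attributes that make the browser fetch a sub-resource.
_RESOURCE_ATTRS = {
    "script": ("src",),
    "img": ("src", "srcset"),
    "link": ("href",),
    "iframe": ("src",),
    "source": ("src", "srcset"),
    "video": ("src", "poster"),
    "audio": ("src",),
    "object": ("data",),
    "embed": ("src",),
}
# <link> only fetches something for these rel values; rel="canonical" etc. do not.
_FETCHING_LINK_RELS = {"stylesheet", "icon", "preload", "prefetch", "manifest", "modulepreload"}


class _MixedContentParser(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        wanted = _RESOURCE_ATTRS.get(tag)
        if not wanted:
            return
        attr_map = {name: value for name, value in attrs if value is not None}
        if tag == "link":
            rel = set(attr_map.get("rel", "").lower().split())
            if not rel & _FETCHING_LINK_RELS:
                return
        for name in wanted:
            value = attr_map.get(name)
            if not value:
                continue
            # srcset holds comma-separated "url descriptor" pairs; other attributes hold one URL.
            candidates = value.split(",") if name == "srcset" else [value]
            for candidate in candidates:
                url = candidate.strip().split(" ")[0]
                if url.lower().startswith("http://"):
                    self.findings.append((tag, name, url))


def find_mixed_content(html: str):
    """Return (tag, attribute, url) for every sub-resource loaded over plain http."""
    parser = _MixedContentParser()
    parser.feed(html)
    parser.close()
    return parser.findings


def find_insecure_sitemap_urls(sitemap_xml: str):
    """Return the <loc> URLs in a sitemap that still start with http://."""
    root = ET.fromstring(sitemap_xml)
    insecure = []
    for elem in root.iter():
        # Sitemaps are namespaced, so the tag arrives as "{...}loc".
        if elem.tag == "loc" or elem.tag.endswith("}loc"):
            url = (elem.text or "").strip()
            if url.lower().startswith("http://"):
                insecure.append(url)
    return insecure


# Constructed sample page: a theme stylesheet and two images were left on http://.
# The canonical link and the <a> link are navigation, not fetched sub-resources.
SAMPLE_HTML = """<!doctype html>
<html><head>
<link rel="stylesheet" href="http://example.com/wp-content/themes/shop/style.css">
<link rel="canonical" href="http://example.com/shop/">
<script src="https://example.com/wp-includes/js/jquery.js"></script>
</head><body>
<img src="http://example.com/wp-content/uploads/logo.png" alt="logo">
<img srcset="https://example.com/a-400.jpg 400w, http://example.com/a-800.jpg 800w" src="//example.com/a.jpg">
<a href="http://example.com/about/">About</a>
</body></html>"""

# Constructed sample sitemap with two entries not yet updated to https.
SAMPLE_SITEMAP = """<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://example.com/</loc></url>
  <url><loc>http://example.com/shop/</loc></url>
  <url><loc>http://example.com/contact/</loc></url>
</urlset>"""

if __name__ == "__main__":
    for tag, attr, url in find_mixed_content(SAMPLE_HTML):
        print(f"mixed content: <{tag} {attr}> {url}")
    for url in find_insecure_sitemap_urls(SAMPLE_SITEMAP):
        print(f"sitemap still lists: {url}")
```

To run it against your own site, fetch a page (or the source saved from the browser) and your sitemap.xml and pass their text to the two functions; anything reported needs to be rewritten to https, typically by updating the site and home URLs in WordPress and search-replacing old http:// links in the content.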
The First Step is offering several services to assist you with this transition. This in no way covers every aspect and I am still working to understand all the steps required to be fully compliant.
The law requires a Data Protection Officer only in certain cases, such as public bodies or organisations whose core activity is large-scale monitoring of individuals, and otherwise advises on assigning someone responsible for compliance; however, I would imagine that is costly and not necessary for a small business.
Please note that only the basics of compliance are covered in this information. If your site is used by people in the EU (the law protects anyone located in the EU, whatever their nationality, and EU visitors can reach almost any public website), then please take this seriously and do further homework on the subject of GDPR compliance. (In practice, every public website gets European visitors, and Google is collecting your website traffic data about them on your behalf, which in turn means you need to comply.)
The First Step will assist with several of these steps; the most important are outlined below.
How do I make my website GDPR Compliant?
The First Step offers a number of key services to facilitate this transition.
Please fill out this GDPR Request Services form and request which services you require: