GDPR – your it’seeze website and the General Data Protection Regulation
The General Data Protection Regulation (GDPR) came into effect in May 2018. A new set of rules concerning the privacy and security of personal information, GDPR aims to improve the control people have over their data.
As a business, this means you are responsible for protecting the personal data of customers, employees, patients, and anyone else who you hold information about. You must also gain someone’s explicit consent before you can use their data in specific ways, especially for marketing purposes. If you don’t comply with the regulations, you could face prosecution and hefty fines.
Your website is just one of the many places that your business or organisation will be collecting and processing data – this may be through contact forms, booking systems, third-party widgets, or through an online store, for example.
As the owner of your website, it is your responsibility to ensure you carry out the necessary steps to protect any personal data that comes through your site. At it’seeze, we’ve made this as straightforward as possible and have already implemented several measures on your website to help you achieve GDPR compliance quickly and easily.
Here’s what’s been done for you:
• SSL certification – if your website domain is registered through us, your website will have an SSL certification as standard. You’ll know if your website is protected by an SSL certificate if your web address begins with https://, or if a green padlock icon appears next to your web address in the address bar of your browser. This is an essential security measure, and ensures that any data sent through your website is encrypted, making it unreadable and thus harder for potential hackers to access.
• Cookie notice – all visitors to your website will be presented with a cookie notice when they first arrive. This gives them the option to opt in or out of cookies (small data files used to improve user experience and collect statistical data about a person’s on-site behaviour) as they browse your website. This comes down to consent, and is a key consideration for GDPR.
• Checkbox options – we’ve equipped website features such as the comments component with a checkbox for consent, so anywhere you add a comment box, visitors will have to consent to having their name and message published on your website before they submit the comment.
• Data permissions – if you have a standard it’seeze Shop website, your customers are able to see what data you hold on them, and they can also download and delete this data. Being able to access the information a business holds about you is one of the new rights brought in through GDPR.
Here’s what you need to do:
• Forms – every time you add a new form to your website, make sure the purpose of the form is explicit, so visitors know what they’re providing their personal data for. For example, every enquiry form should be accompanied by copy stating that you will contact them using the details they provide. You’ll also need to add a checkbox for consent to any forms that are collecting data for marketing purposes, such as a newsletter sign-up form.
• Testimonials – if you want to add client testimonials to your website, make sure you have their explicit permission to feature their review alongside their name and business on your website, as this is personally identifiable information. Alternatively, use a GDPR-compliant review platform that can be integrated with your it’seeze website, such as Trustpilot.
• Third parties – make sure all third-party tools or services that you use with your it’seeze website are GDPR-compliant. If you are embedding a widget using the iframe component, for example, it’s your responsibility to ensure the widget provider has the correct procedures in place for handling your customers’ data.
For more information about GDPR and your website, read our FAQs.
Disclaimer: This article does not constitute legal advice, nor does it contain an exhaustive list of everything you need to do to achieve full GDPR compliance. We would advise that you consult a solicitor or a certified GDPR practitioner if you have any concerns about your business complying with the legislation.