GDPR – your it’seeze website and the General Data Protection Regulation

The General Data Protection Regulation (GDPR) came into effect in May 2018. A new set of rules concerning the privacy and security of personal information, GDPR aims to improve the control people have over their data. 

As a business, this means you are responsible for protecting the personal data of customers, employees, patients, and anyone else who you hold information about. You must also gain someone’s explicit consent before you can use their data in specific ways, especially for marketing purposes. If you don’t comply with the regulations, you could face prosecution and hefty fines.

Your website is just one of the many places that your business or organisation will be collecting and processing data – this may be through contact forms, booking systems, third-party widgets, or through an online store, for example. 

As the owner of your website, it is your responsibility to ensure you carry out the necessary steps to protect any personal data that comes through your site. At it’seeze, we’ve made this as straightforward as possible and have already implemented several measures on your website to help you achieve GDPR compliance quickly and easily.

Here’s what’s been done for you:

    SSL certification – if your website domain is registered through us, your website will have an SSL certification as standard. You’ll know if your website is protected by an SSL certificate if your web address begins with https://, or if a green padlock icon appears next to your web address in the address bar of your browser. This is an essential security measure, and ensures that any data sent through your website is encrypted, making it unreadable and thus harder for potential hackers to access.

    Cookie notice – all visitors to your website will be presented with a cookie notice when they first arrive. This gives them the option to opt in or out of cookies (small data files used to improve user experience and collect statistical data about a person’s on-site behaviour) as they browse your website. This comes down to consent, and is a key consideration for GDPR.

    Privacy policy – your website comes equipped with a standard privacy policy detailing the many ways that data is stored and processed within the it’seeze website editor. It also informs visitors of the different cookies in use on your website. You will need to add more information to this policy about the way your business collects and processes data (more on this below), but you don’t need to worry about the technical side of your website’s data collection as this will be generated automatically.

    Checkbox options – we’ve equipped website features such as the comments component with a checkbox for consent, so anywhere you add a comment box, visitors will have to consent to having their name and message published on your website before they submit the comment.

    Data permissions – if you have a standard it’seeze Shop website, your customers are able to see what data you hold on them, and they can also download and delete this data. Being able to access the information a business holds about you is one of the new rights brought in through GDPR.

Here’s what you need to do:

    Privacy policy – you need to add information to your website’s privacy policy about what personal data your business collects through your website, what you use it for, how you store it and for how long, and who you share it with. You can learn how to edit your privacy policy here. Typical examples of information you might be collecting through your website include personal details sent through an enquiry form and email addresses collected through a newsletter sign-up form. You also need to include details of any third parties collecting data via your website, such as a booking form or Instagram feed. You can find more information about the different types of data you need to include here.

    Lists – if the contact forms on your website are set up to store enquiries in lists, you need to make sure this data is routinely deleted in line with the time period you’ve set for data storage, as outlined in your privacy policy. You can see how to manage website lists here. 

    Forms – every time you add a new form to your website, make sure the purpose of the form is explicit, so visitors know what they’re providing their personal data for. For example, every enquiry form should be accompanied by copy stating that you will contact them using the details they provide. You’ll also need to add a checkbox for consent to any forms that are collecting data for marketing purposes, such as a newsletter sign-up form.

    Testimonials – if you want to add client testimonials to your website, make sure you have their explicit permission to feature their review alongside their name and business on your website, as this is personally identifiable information. Alternatively, use a GDPR-compliant review platform that can be integrated with your it’seeze website, such as Trustpilot. 

    Third parties – make sure all third-party tools or services that you use with your it’seeze website are GDPR-compliant. If you are embedding a widget using the iframe component, for example, it’s your responsibility to ensure the widget provider has the correct procedures in place for handling your customers’ data.

For more information about GDPR and your website, read our FAQs.

Disclaimer: This article does not constitute legal advice, nor does it contain an exhaustive list of everything you need to do to achieve full GDPR compliance. We would advise that you consult a solicitor or a certified GDPR practitioner if you have any concerns about your business complying with the legislation.