Make Sure Your Website Plays By the Rules: GDPR Compliance Checklist5 min read

If you are an online business owner, probably you already know that new requirements of GDPR (General Data Protection Regulation) are going to be introduced on May 25th.

If you still don’t know anything about it, then you just got yourself fortunate to find this post.

Due to growing concerns over privacy and confidentiality of people who use online services, as well as many different types of websites, new rules and regulations are overdue in 2018. Now the authorities want to make sure that the sites take consent from the users before asking for their data, and inform them adequately on how that data is going to be used.

Why is this so important?

It is crucial for you to understand these and make sure your website becomes GDPR compliant. If you don’t pay any heed to that, there is a huge possibility that you will suffer legal repercussions in the long run.

From the very moment, GDPR becomes active; the users will have full rights to sue the websites who used their information without taking consent beforehand.

You might not even know which user is complaining and taking you to courts. Your website can be shut down, and at the worst case scenario, you might also have to go to jail. So, it is more than evident that there is no alternative to making your website GDPR compliant.

It’s no secret that GDPR is going to have an enormous impact on website activities, designs, marketing, social media activities as well as e-commerce.

At the initial stage, website owners might find it quite difficult to cope up, as many things that have been kept the same way needs to be changed.

But the changes in the regulations are nothing more than what is required in this era of online vulnerability. Even if you don’t like the changes in law, you are not a decision maker regarding that.

So, it is better not to revolt, instead to adapt. So let’s see what you should do for making your website GDPR compliant.

FORM GDPR

Forms

If your website allows or requires the users to open their separate accounts, then definitely you will need the users to fill up forms while they are opening the account for the first time.

Also, forms that send an invitation for subscribing to newsletters are used in many instances as well. Make sure the default option while asking about subscription is always ‘No.’

If the user wants to subscribe, then he/she can choose it for himself/herself. This means active Opt-ins are mandatory.

Secondly, you need to ask for consent to the users if they are to accept the terms and conditions you are setting up.

Moreover, there should be direct links through which the users can take a look at the terms and conditions for real before they tick the checkbox and gives their consent eventually.

This will prevent them from complaining later that you used their information in ways which they didn’t want to be.

Granular Opt-In

The vast majority of the websites only want consent from the users on the overall terms and conditions. It is very much possible for a user to consent to one particular state, and not the others.

You need to provide them with separate consenting options, so that can get more freedom while permitting you to use their information in different ways.

Easier Ways to Withdraw

In the status quo, giving consent to the terms and conditions might seem quite comfortable with a few checkboxes. But it is not so easy to opt out due to complex structures of the websites.

For becoming compliant with GDPR, making that opting out procedure simple is another mandatory thing. Don’t force your users to play by your rules on you have them on your website.

Named Parties

The forms need to acknowledge and identify all the involved parties clearly and precisely while taking consent from the users.

In the vast majority of instances, websites try to bypass this by merely mentioning specifically defined categories of third parties.

From now on, those third parties should be mentioned by their name. When you don’t do that, the users can’t make an informed choice about signing up because you are not giving them the entire information.

Privacy_Notice

Privacy Notice

You must use a privacy notice on your website, and provide that to your users. Information Commissioner’s Office has already offered one on their site, and you can publish that in yours as well.

Along with that, you need to update the terms and conditions of your website according to 2018’s updated GDPR. There is a list of things you can’t ask your users to provide. Get to know those from ICO and act accordingly with transparency.

Online Payments

When you are running a business using payment gateways, it is very reasonable for financial transactions. Your website might be the one collecting personal data before you pass the details to payment gateways.

In cases such as this, make sure your website does not store and process the data anymore after the transaction is over. The users have given consent to use that information only for the transactional purpose for that particular purchase, you storing the data breaches their rights.

Third Party Tracking

Third Party Tracking

If you are using third-party tracking software, life can get a bit tougher for you with 2018’s GDPR. Because third-party tracking software is capable of tracking the users in such ways, which they are not comfortable with.

They haven’t given their consent as well. And some areas can remain quite grey as well, regarding how much tracking is accepted and how much is not.

In cases like these, you have to take a look at what the suppliers of this software are saying, and if they are acting according to GDPR. If they are, then you have lesser things to be worried about.

Don’t forget to follow all of the above-mentioned steps and procedure to avoid legal complexities that will hurt your website both in the long term and short term.

Let’s start

A new project together

  • Share this post:


Thoughts

  1. Nice article. still i have few doubts. i run a blog which provides “blogging tips and tutorials” . I don’t collect emails [which means there is no optin forms on my blog] . Do i need to worry about GDPR then? Plus i found cookie policy on your website, which my blog lacks. How and where to get that policy banner or whatever! Once again thanks for sharing great information.

    1. You should make your website GDPR compliant though. GDPR isn’t only about email collecting. Can I see your blog? I guess you do have “subscribe” option on your blog. It’s always better to take the steps before anything happens. And I used GDPR plugin on my blog.

Leave a Comment