This guide shows you in detail how to make a website GDPR compliant.
What is GDPR?
“The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.” (Wikipedia)
How to make a website GDPR compliant?
The two key factors of the GDPR are simple: keep customer data secure and make marketing communications as clear as possible.
- Contact Forms
Almost every website has a contact form. It is the easiest way for visitors to contact the website manager. To make your contact form GDPR compliant, you need to tell visitors why you are asking for their contact information. For example, when a visitor types in their email address, a pop-up or a line of text should tell them: “This is how we will contact you”.
A better way is a confirmation tick box. Visitors tick it to confirm that they accept the terms of using your website and agree to be contacted by you. You have to add this tick box to your contact form if you want to send marketing communications to visitors. The tick box must be unticked when the contact form is opened; visitors need to tick it themselves. You need different tick boxes for different types of communication, such as email, text message, post, telephone…
The GDPR ensures that visitors will not receive unsolicited emails, whether those emails come from websites they know or not.
First, you should send an email to your entire subscriber list asking them to confirm again that they want to receive future newsletters, marketing emails, promotional emails, happy birthday emails… If subscribers choose to ignore your email, they should be automatically removed from your email list.
Then, as a website owner, you should send newsletters and marketing emails only to those who have officially confirmed that they want to receive these emails from you. It should also be easy for them to unsubscribe; the best way is to put an unsubscribe button in all your emails.
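An added example, not part of the original guide: one way a site's server-side code could handle the separate tick boxes, the re-confirmation step and the unsubscribe button described above. The field names (`consent_email` and so on) and the function names are assumptions made for this illustration.

```javascript
// Added illustration; field and function names are hypothetical.
const CHANNELS = ["email", "sms", "post", "phone"];

// Build a consent record from submitted contact-form fields.
// A browser only submits a checkbox field when the visitor ticked it,
// so a missing field means "no consent": nothing is opted in by default.
function recordConsent(fields, now = new Date()) {
  const consent = {};
  for (const channel of CHANNELS) {
    const ticked = fields[`consent_${channel}`] === "on";
    consent[channel] = ticked
      ? { granted: true, at: now.toISOString() } // keep when consent was given
      : { granted: false };
  }
  return { email: fields.email, consent };
}

// Contact a subscriber only on a channel they explicitly agreed to.
function maySend(subscriber, channel) {
  const entry = subscriber.consent && subscriber.consent[channel];
  return Boolean(entry && entry.granted === true);
}

// Re-confirmation pass over an existing list: keep only the subscribers
// who confirmed again; everyone who ignored the request is dropped.
function pruneUnconfirmed(subscribers, confirmedEmails) {
  const confirmed = new Set(confirmedEmails.map((e) => e.trim().toLowerCase()));
  return subscribers.filter((s) => confirmed.has(s.email.trim().toLowerCase()));
}

// Unsubscribe button handler: withdraw consent for one channel.
function unsubscribe(subscriber, channel, now = new Date()) {
  const consent = { ...subscriber.consent };
  consent[channel] = { granted: false, withdrawnAt: now.toISOString() };
  return { ...subscriber, consent };
}

// Constructed sample submission: only the email box was ticked.
const sample = recordConsent({ email: "visitor@example.com", consent_email: "on" });
console.log(maySend(sample, "email"), maySend(sample, "sms"));
```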
- Keeping data
Visitors have a right to be forgotten, so they can ask you to remove all of their data from your website's database. Website owners must keep all data secure; the HTTPS protocol can help with this problem, just add it to your site. GDPR also highlights that databases must be stored in Europe, so you need to check the GDPR compliance of your hosting provider, such as GoDaddy, Hostgator…