You might well have heard that some new EU Privacy rules (called GDPR — General Data Protection Regulation) are coming on the 25th May 2018.
If you’ve got a site or blog (even if you’re not in the EU), then it’s probably affected and you WILL NEED to do something!
So below is the info I’ve sent to my clients about GDPR.
If you’d like any professional help with getting your site GDPR compliant, I can help. Contact me.
You might well have heard about the new EU Data Privacy rules — GDPR (General Data Protection Regulation) which come into effect on 25th May this year (two days after my birthday — nice!).
With GDPR come new responsibilities for organisations and businesses in the way in which data is obtained and held.
You might well be sorting out some GDPR items already. If so, great!
As one of my clients, I want to help make the web side of things as easy for you as possible in regard to GDPR. However, there is a limit to how much I can help you!
What I Cannot Do…
I CANNOT be your ‘one stop shop’ for GDPR questions (and answers). I’m just a web developer, I’m not a data privacy or legal expert!
I CANNOT help you/your organisation ‘get ready’ for GDPR as you know what data you deal with and how you deal with it — I don’t (well I might know a bit but not much!).
What I Can Do…
I CAN give you some links to look through, which should be able to help you:
You can find out more about GDPR from the Information Commissioner’s Office (the UK Government Dept dealing with GDPR):
Info for small businesses
Info for churches (although it’s also useful for many charities and businesses)
I CAN supply you with some basic documents and templates which might help you to think about GDPR and what you need to do for the web side of it.
I’ve put these together at: https://mega.nz/folder/XwtX2TaB#Np-zd42tpKOhaw_ybbg1lw
- A basic ‘audit’ template (Word);
- A basic ‘audit’ template (Excel) — this includes some of my very basic info!;
- A basic ‘checklist’ (Word);
- A basic ‘privacy notice’ document (Word).
But, again, I CANNOT give you any specific legal advice. For full info, please see the ICO’s site or contact a professional legal advisor.
I CAN help with adding GDPR info to your site.
Some example text for this would be:
Blog Comments (with these, it would also be sensible to explicitly state that users should not put personal information into the comment and have a tick to make sure people understand this);
Some example text for this would be:
If you use WordPress (the self-hosted version) and are happy installing plugins, then this plugin makes it easy to add the extra tick box to comments:
Sign ups for email lists (these will also need an extra ‘consent’ tick box);
‘Buy’ buttons if you are selling anything.
I CAN help with these!
If, on any forms, there is also the option to sign up to a mailing list, this needs to be UNTICKED by default — I CAN help with this.
If you have an email newsletter, then you will also need to send out an email so people can confirm that they still want to receive the newsletter. MailChimp and MailerLite both have tools to help with this:
With GDPR, as a record of consent is needed for things like being added to a mailing list, it won’t be practical to have a ‘paper sign up sheet’ or equivalent (where people sign a bit of paper and then you manually add them to the mailing list at a later date) as you cannot ‘prove/record’ digitally that they have given consent (unless you have them sign a paper form and then you store the form). A better option would be to have a sign up form on something like a tablet that you can ask people to complete. In this way their digital consent can easily be tracked.
If you also need a simple way of storing things like passwords, website logins or anything else, then I recommend https://www.enpass.io. It’s free and very easy to use. (I use something similar to store all the logins for you and my other clients.)
Phew… I know it can seem a lot to take on board.