The GDPR Info I’ve Sent to my Clients

You might well have heard that some new EU Privacy rules (called GDPR — General Data Protection Regulation) are coming on the 25th May 2018.

If you’ve got a site or blog (even if you’re not in the EU), then it’s probably affected and you WILL NEED to do something!

So below is the info I’ve sent to my clients about GDPR.

If you’d like any professional help with getting your site GDPR compliant, I can help. Contact me.


Hi,

You might well have heard about the new EU Data Privacy rules — GDPR (General Data Protection Regulation) which come into effect on 25th May this year (two days after my birthday — nice!).

With GDPR come new responsibilities for organisations and businesses in the way in which data is obtained and held.

You might well be sorting out some GDPR items already. If so, great!

As one of my clients, I want to help make the web side of things as easy for you as possible in regard to GDPR. However, there is a limit to how much I can help you!

What I Cannot Do…

I CANNOT be your ‘one stop shop’ for GDPR questions (and answers). I’m just a web developer, I’m not a data privacy or legal expert!

I CANNOT help you/your organisation ‘get ready’ for GDPR as you know what data you deal with and how you deal with it — I don’t (well I might know a bit but not much!).

What I Can Do…

I CAN give you some links to look through, which should be able to help you:

You can find out more about GDPR from the Information Commissioner’s Office (the UK Government Dept dealing with GDPR):
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

Info for small businesses
https://www.simplybusiness.co.uk/knowledge/articles/2017/11/what-is-gdpr-for-small-business/

Info for charities
https://www.charitydigitalnews.co.uk/2018/03/22/gdpr-is-your-charity-ready/

Info for churches (although it’s also useful for many charities and businesses)
https://www.baptist.org.uk/Groups/302154/Data_Protection_and.aspx
http://www.parishresources.org.uk/gdpr/

I CAN supply you with some basic documents and templates which might help you to think about GDPR and what you need to do for the web side of it.

I’ve put these together at: https://mega.nz/folder/XwtX2TaB#Np-zd42tpKOhaw_ybbg1lw

They include:

  • A basic ‘audit’ template (Word);
  • A basic ‘audit’ template (Excel) — this includes some of my very basic info!; 
  • A basic ‘checklist’ (Word);
  • A basic ‘privacy notice’ document (Word).

But, again, I CANNOT give you any specific legal advice. For full info, please see the ICO’s site or contact a professional legal advisor.

I CAN help with adding GDPR info to your site.

The main impact of GDPR on your website, following your own audits, will be putting the relevant information from the Privacy Policy/Notice on the site. The contents will depend on what data your site collects, etc. but it might well be similar to the example document in the link above.

Any contact forms will need a clear link to this Privacy Policy/Notice (best either just above or below the Send/Submit button) — I CAN help with this.

Some example text for this would be:

This form collects your name, email and phone to help us answer your questions. Read our Privacy Policy [linked] for how we deal with this information.

It’s also a good idea to have a link to the Privacy Policy/Notice near any buttons for:

Blog Comments (with these, it would also be sensible to explicitly state that users should not put personal information into the comment and have a tick box to make sure people understand this);

Some example text for this would be:

By using this form you agree with the storage and handling of your data by this website. View our Privacy Policy [linked]. Please do not express personal data or contact details in blog comments, as these are displayed publicly on the site.

If you use WordPress (the self-hosted version) and are happy installing plugins, then this plugin makes it easy to add the extra tick box to comments:
https://wordpress.org/plugins/wp-gdpr-compliance/

***

Sign ups for email lists (these will also need an extra ‘consent’ tick box);

***

‘Buy’ buttons if you are selling anything.

I CAN help with these!

If, on any forms, there is also the option to sign up to a mailing list, this needs to be UNTICKED by default — I CAN help with this.

If you have an email newsletter, then you will also need to send out an email so people can confirm that they still want to receive the newsletter. MailChimp and MailerLite both have tools to help with this:
https://kb.mailchimp.com/accounts/management/collect-consent-with-gdpr-forms
https://help.mailerlite.com/article/show/59543-gdpr-tools

With GDPR, as a record of consent is needed for things like being added to a mailing list, it won’t be practical to have a ‘paper sign up sheet’ or equivalent (where people sign a bit of paper and then you manually add them to the mailing list at a later date) as you cannot ‘prove/record’ digitally that they have given consent (unless you have them sign a paper form and then you store the form). A better option would be to have a sign up form on something like a tablet that you can ask people to complete. In this way their digital consent can easily be tracked.

***

If you also need a simple way of storing things like passwords, website logins or anything else, then I recommend https://www.enpass.io. It’s free and very easy to use. (I use something similar to store all the logins for you and my other clients.)

Phew… I know it can seem a lot to take on board.

Please read through all the links and things. When you’ve got a Privacy Policy/Notice ready, or know what needs to go in it, please get back in touch with me and we can then make any changes on your site.

Best wishes,

James