You’ve heard a lot of talk about GDPR, but what exactly is it and how is it going to affect you and your business? First, let’s do a quick throwback to the 90s (why hello dial-up internet access!) when the Data Protection Directive (DPD) was released. Back when the internet was essentially the wild west, the DPD was the first set of rules ever written for the internet. Since then, the internet has completely transformed in ways we never could have predicted. This meant that a new set of regulations had to be made.
On May 25th, 2018, a new set of rules AKA the General Data Protection Regulations (GDPR), went into effect. The new regulations spell out specific rights that individuals have in regards to whether or not they’d like to relinquish the rights to their data. Because some of these changes directly affect aspects of digital marketing compliance, we want to make sure you’re up to date on how to become GDPR compliant. If your business holds, collects, or uses customer data, we highly recommend doing an audit of your processes. In order to stay on the right side of the law and avoid some hefty fines, check out our steps to ensure that your website is GDPR compliant.
1. Forms Must Be Active Opt-In
Previously, having a pre-checked form wasn’t considered bad practice. Under the GDPR, forms that ask users to subscribe to newsletters or indicate their contact preference now have to default to being un-checked, otherwise it’s considered implied consent.
2. Separate Opt-In Checks
Many sites used to bundle user consent into a single multitasking checkbox. Now, you have to have separate checkboxes to consent or opt-in to different things, for example, you need a checkbox where users can consent to data use and another for agreeing to terms and conditions.
3. Make Sure Your Cookies Are Compliant
Notifying a user that there are cookies on the site that may collect their data is no longer enough, you must make it possible for users to both accept or reject cookies. Also, even after they’ve opted-in, users must always have the option to opt-out of cookies at any time.
"Notifying a user that there are cookies on the site that may collect their data is no longer enough."
4. Remove Personal Information
After users make an online purchase, are you storing their information in your database indefinitely? The GDPR isn’t explicit about how long exactly you can store user data, rather they require a company be transparent about how long they plan to store the data. This means you’ll have to modify your web processes to remove individual data within a reasonable amount of time and make this time period known to your users.
5. Granular Opt-in Options
You must provide your users with the power to consent separately for different processes. This means that users shouldn’t just have one box to tick for opting-in to communication, instead they should have the option to only opt-in to the specific type of communication they wish to receive.
6. Easy to Withdraw Submissions or Opt-Out
Individuals should always have the option to opt-out and know that they always have the right to withdraw their consent at any time. This means they should have the right to unsubscribe to certain streams of communication or easily change the frequency at which they receive communications from your company.
7. Opt-Ins For Each Named Party
Before, it was common practice to bundle your third party consent in one checkbox, now each named party needs to be listed and users have to have the right to consent to each separately.
8. Privacy Notice and Terms & Conditions
You need to update your website’s privacy notice to clearly state how a users data may be collected and used and which applications you’re using to track their interactions. You will also need to update your current Terms & Conditions page to reflect the GDPR verbiage. This must include how long you’ll retain their information on your website and your site database.
Make sure your website GDPR compliant so you stay on the right side of the law and avoid any fines. If you have any questions, please shoot us an email at firstname.lastname@example.org. We're here to help!