From 25th May 2018 your business has needed to be GDPR (General Data Protection Regulation) compliant. Failure to comply with GDPR could lead to fines of up to €20 million or 4% of the company’s total global revenue.
Furthermore, your customers expect it of you. GDPR affects any business in the world storing information on EU citizens. GDPR protects people’s information, giving each person total control over what happens to their information. That data must always be protected and kept safe and secure.
Part of making your overall business GDPR compliant involves ensuring your website is compliant. We have thoroughly researched all the necessary requirements and tools required, and have a set procedure in place to go through each site and action all/any of the necessary steps to get your website GDPR compliant as quickly as possible.
NB: There are also certain things unrelated to your website that YOU need to be aware of and, if necessary, act upon. For example, whilst all third-party systems that we use ourselves or recommend for our clients (i.e. Jotform, Jottacloud, Freshbooks, Mailchimp, Rackspace, LightCMS and Google) are GDPR compliant, if you use any other third-party systems for invoicing, CRM, data backup, databases etc., you will need to verify that they are GDPR compliant. And if you use offline systems/applications such as Microsoft Access/Excel, it is your responsibility to ensure that information is kept safe and secure.
You can read more specific information in this section of our website.
You can read more specific information below and can get answers to FAQs here.
Email Marketing
From now on, when users submit their email address in exchange for access to an ebook, brochure, etc., you are required to ask for their consent (by way of a checkbox on the form) to be contacted, instead of assuming they want to be contacted. Consent should be optional, so that they can download the ebook without giving consent for you to contact them.
You’ll need to be able to provide evidence that a user has opted in to receive emails from you, which you would have anyway if the person has submitted a form on your website.
Third-party compliance
If you’re using CRMs or invoicing systems, you need to make sure the companies that built those systems are, themselves, GDPR compliant. They should have information about this on their website; otherwise they would need to be contacted.
GDPR - Day
After 25th May 2018 you can only email users who have actively, freely and willingly opted in to receive messages from you.
If subscribers have not explicitly opted in to your mailing list, you’ll need to ‘re-permission’ that mailing list. For example, if a client exports the entries from a contact form on LightCMS and adds those email addresses to a mailing list, those people never opted in to be actively emailed by that business. So if you plan to contact them again, you would need to send an email to each person on your mailing list asking whether they consent to being contacted by you. And this needs to be done before 25th May 2018.
In that email you send to your mailing list to get ‘re-permission’ you need to say:
Being Transparent
If you’re collecting an email address on a registration form for an event, you should provide details on why you need that email address and how you’re planning to use it.
When asking for permission to email that person, you must avoid any pre-ticked boxes as these are considered implied consent and not freely given.
If you are using a mass-mailing system, you should also ensure that it is easy to unsubscribe from emails. Take Mailchimp, for example: when you click Unsubscribe, you are taken to a webpage that does exactly that and tells you that you are unsubscribed. In other words, you don’t have to follow a rigorous process to unsubscribe.
Collecting and Storing Data Securely
GDPR states that you need to “implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.”
This starts with encrypting any data that is submitted to your website, which is what GDPR recommends in Article 32. This will stop people from intercepting the data as it is submitted. An SSL certificate must be implemented on your site to encrypt the data.