
How to Make Your Website GDPR Compliant

If you are a business owner or are in charge of a website that collects the data of users in Europe, you may feel lost in the maze of GDPR. It is easy to be overwhelmed by the new rules and hard to work out what actually has to be done to be GDPR compliant. If that is the case, do not worry, we have you covered!

GDPR holds organisations accountable for how they handle individuals’ personal data. Applicable from 25 May 2018, the regulation provides a single rule set across the EU, replacing the Data Protection Directive of 1995. It protects all personal data, and places extra conditions on ‘special category’ data such as genetic and biometric data, health data, racial or ethnic origin, religious beliefs, political opinions, trade union membership and sexual orientation. A personal data breach is any “destruction, loss, alteration, unauthorised disclosure of, or access to” personal data. Unless the breach is unlikely to result in a risk to individuals’ rights and freedoms, the controller must notify the supervisory authority (the ICO in the UK) within 72 hours of becoming aware of it, and where the risk to individuals is high (for example financial loss, exposure of confidential information or reputational damage) the affected individuals must be told as well. Infringements carry administrative fines in two tiers, which depend on the type of infringement rather than on the size of the company: up to €10 million or 2% of worldwide annual turnover, whichever is higher, for failures such as not reporting a breach or not keeping processing records; and up to €20 million or 4%, whichever is higher, for breaches of the core principles, of individuals’ rights, or of the rules on consent and international transfers. This dwarfs the £500,000 maximum the ICO could impose under the UK’s Data Protection Act 1998.

We have prepared some interesting facts regarding GDPR and its implementation: 

  • 27% of companies spent over half a million dollars to become GDPR compliant.
  • There have been over €359 million in major GDPR fines so far.
  • Over $9 billion has been spent on GDPR compliance.
  • Nearly three-quarters of UK companies do not follow the GDPR requirements for handling data subject requests.
  • Almost a third of EU companies are not GDPR compliant.
  • Over 1,000 online publications have blocked EU readers rather than comply.
  • 45% of Europeans still worry about their privacy, even post-GDPR.
  • There were nearly 150,000 complaints within a year of the GDPR becoming enforceable.
  • Luxembourg’s regulator hit Amazon with a record fine of €746 million ($865 million) in 2021.

To protect your company from fines or legal action, there are a few measures you can take to work towards GDPR compliance:

  • Use online contact forms to tell users what their data will be used for. For example, when asking for an email address, phone number or postal address, state how you will use it (“this is how we will contact you”) so the purpose of collection is transparent. Include a separate, unticked opt-in box for any use beyond answering the enquiry, such as marketing contact.
  • Update the privacy policy so that it completely and transparently describes what data is collected, why it is collected, which cookies are used and which data privacy rules you follow. State if and when user data may be shared with third parties, and cover data collected by plugins (what is collected, why, and how it is protected). Marketing communications should be just as clear.
  • Add an opt-in tick box so that users actively consent before you collect or use their data. Show it on a user’s first visit, offering a genuine choice between declining and accepting non-essential cookies; a pre-ticked box or simply continuing to browse does not count as consent. The site must remain usable if the user declines, but features that depend on non-essential cookies (such as personalisation) must stay off until consent is given.
  • Check that plugins are GDPR compliant. Any plugin that collects personal data must be covered by the same consent mechanism and by the privacy policy, and you must be able to provide or delete the data it has collected when a user asks.
  • Collect only the data you actually need for the stated purpose (data minimisation), and do not keep it for longer than that purpose requires (storage limitation).
  • Clean up your email marketing. GDPR protects individuals from unsolicited email: recipients must have actively opted in before receiving newsletters, updates or promotions. Anyone who has not opted in must not be added to the list, and anyone who unsubscribes must be removed promptly and stay off the list until they opt in again.
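The opt-in tick box, the cookie gate and the withdrawal of consent described in the steps above, expressed as a small consent-gating module. This is an added example, not code from the original article or from any product it mentions; the category names, the policy version string, the six-month re-consent interval and the tag manifest are illustrative assumptions. It runs in Node without a browser; on a real site the consent record would be kept in a first-party cookie or localStorage and the result of planScripts would decide which script tags get injected.

```javascript
// Added example (not from the original article): a minimal consent gate that
// only allows non-essential scripts to run after an explicit, unticked-by-default
// opt-in. POLICY_VERSION, the expiry and the category names are assumptions.
const POLICY_VERSION = "privacy-policy-2024-01"; // assumed identifier; change it when the policy changes
const CONSENT_MAX_AGE_MS = 182 * 24 * 60 * 60 * 1000; // assumed re-consent interval (~6 months)

// Strictly necessary cookies need no consent; every other category is opt-in.
const CATEGORIES = ["necessary", "analytics", "personalisation", "marketing"];

// State on first visit: no optional box is ticked. A pre-ticked box is not valid consent.
function defaultChoices() {
  return { necessary: true, analytics: false, personalisation: false, marketing: false };
}

// Build a consent record from the boxes the user actually ticked (strict === true,
// so form noise such as "yes" or 1 does not count). "necessary" cannot be switched off.
function createConsentRecord(ticked, now) {
  const choices = defaultChoices();
  for (const cat of CATEGORIES) {
    if (cat !== "necessary" && ticked[cat] === true) choices[cat] = true;
  }
  return { version: POLICY_VERSION, timestamp: now, choices };
}

// A record counts only if it was given against the current policy text and is not stale.
function isConsentValid(record, now) {
  if (!record || record.version !== POLICY_VERSION) return false;
  if (typeof record.timestamp !== "number" || now < record.timestamp) return false;
  return now - record.timestamp <= CONSENT_MAX_AGE_MS;
}

// Decide whether a script of the given category may run. Necessary scripts always
// run (the site must work without consent); anything else needs a valid record
// with that specific box ticked. Unknown categories fail closed.
function mayRun(record, category, now) {
  if (!CATEGORIES.includes(category)) return false;
  if (category === "necessary") return true;
  return isConsentValid(record, now) && record.choices[category] === true;
}

// Withdrawal must be as easy as giving consent: untick the box and re-stamp the record.
function withdrawConsent(record, category, now) {
  if (!record || category === "necessary" || !CATEGORIES.includes(category)) return record;
  return { ...record, timestamp: now, choices: { ...record.choices, [category]: false } };
}

// Given a tag manifest, return the script URLs that may load. Anything not permitted
// is never injected, so no non-essential cookie is set before consent exists.
function planScripts(record, manifest, now) {
  return manifest.filter((s) => mayRun(record, s.category, now)).map((s) => s.src);
}

// Constructed tag manifest for illustration (not a real site's).
const MANIFEST = [
  { src: "/js/session.js", category: "necessary" },
  { src: "/js/analytics.js", category: "analytics" },
  { src: "/js/recommendations.js", category: "personalisation" },
  { src: "https://ads.example/pixel.js", category: "marketing" },
];

// Walk through first visit, opt-in to analytics only, then withdrawal.
function demo() {
  const t0 = Date.UTC(2024, 0, 15);
  const firstVisit = planScripts(null, MANIFEST, t0); // only the necessary script
  const record = createConsentRecord({ analytics: true }, t0);
  const afterOptIn = planScripts(record, MANIFEST, t0); // session + analytics
  const withdrawn = withdrawConsent(record, "analytics", t0 + 1000);
  const afterWithdraw = planScripts(withdrawn, MANIFEST, t0 + 1000); // back to necessary only
  return { firstVisit, afterOptIn, afterWithdraw };
}

console.log(JSON.stringify(demo(), null, 2));
```

The version check is the part most often forgotten: when the privacy policy changes, old records no longer match POLICY_VERSION and the gate falls back to necessary-only until the user is asked again, which is what “consent to the current policy” actually requires.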

GDPR has been called the ‘doomsday’ of online marketing, and advertisers have watched several large firms fined for specific breaches, which has made compliance a real concern. The steps above cover the website-facing obligations: transparent notices, genuine opt-in consent and cookie control, minimal data collection and clean mailing lists. They are a solid foundation rather than the whole of compliance, which also depends on how the data you hold is stored, secured, and handed over or deleted when someone asks. If you are still unsure about the steps, or worried about how your users’ privacy protections are implemented, do not worry. We are delighted and ready to help you!
