This complete General Data Protection Regulation (GDPR) compliance checklist for your website will point you in the right direction when considering how the GDPR applies to your company. If you have read our Ultimate GDPR Overview, you should already have a good understanding of how the General Data Protection Regulation affects your business ecosystem.
Learn how to create a GDPR compliant website with this Complete General Data Protection Regulation (GDPR) Checklist.
Active Opt-In Forms
The biggest change here is that users must actively opt in to your services. Many subscribe forms pre-select the opt-in box; this is not valid consent under the GDPR, which requires a clear affirmative action by the user, so pre-ticked boxes, silence or inactivity do not count.
Unbundled Opt-In
Each purpose for which the user's data will be used must be spelled out in the opt-in process. You can no longer bundle acceptance of your terms, agreements and marketing offers under a single opt-in. You must specify each purpose separately and let the user consent voluntarily to the ones they choose; consent cannot be made a condition of a service that does not actually need it.
Granular Opt-In & Transparency
Your users need to be able to see and consent separately to different types of processing. Phone, email and postal mail usage should each be clearly defined in your privacy policy. If you offer multiple products and services, create a separate opt-in for each, and keep a record of what each user consented to and when.
Growth hack tip!
Segmentation like this can and should be synced with your CRM platform, which will jumpstart your marketing automation efforts. Remember that the CRM then holds personal data too: the per-purpose consent status (and any withdrawal) must sync along with the contact so that downstream automation never emails someone who has opted out.
Easy to Withdraw Consent
The GDPR states that it must be as easy to withdraw consent as it was to give it. Keep your contact preferences page easy to find and do not require a login or a phone call to opt out. You may also consider segmenting topics of interest and providing an opt-out checkbox for each one. Including a clearly visible unsubscribe link in every marketing email also helps you stay compliant.
Named Consent
Your forms should clearly identify who will receive the user's information. Describing recipients only as broad categories of third parties is no longer considered sufficient where you rely on consent: regulators such as the UK ICO expect the third parties who will rely on that consent to be named, so that the consent is specific and informed.
Online Payments
If you have an e-commerce website that stores customer information after a purchase, that data must be deleted once it is no longer needed (the storage limitation principle). The GDPR does not specify the time frame, so consult your legal team, account for any legal retention obligations such as accounting or tax records, and state the resulting retention period on your site.
Google Tag Manager allows you to integrate third-party vendors through the many tags it offers, and each of those tags can collect visitor data. If you work with an agency or partner that processes your tag manager data, have legal put a contract in place outlining their responsibilities as a data processor to you as the data controller. Non-essential tags should also be configured not to fire until the user has given consent.
The General Data Protection Regulation reaches far beyond your website: it applies to personal data however it is processed, including paper records kept in a filing system. This means you will need to audit your business as a whole. Legal teams can help you answer other tricky GDPR questions such as:
Do I need to obtain consent for data collected in the past via postal mail?
Are all my third-party vendors GDPR compliant?
What qualifications must my data protection officer have?
Can there be multiple data controllers assigned?
Not sure if your website is GDPR compliant? Contact Ironistic for a full website and marketing review.
We focus on building marketing systems and websites that respect your customer’s data and achieve your business goals.
This article does not constitute legal advice, nor is this information intended to create or rise to the level of an attorney-client relationship. You should always seek professional legal advice where appropriate.