The General Data Protection Regulation (GDPR) comes into effect on 25th May 2018. Whilst many are considering this the “doomsday” of marketing, it is in fact a straightforward process provided that you understand how to make your website GDPR compliant.

The motive behind the EU regulation is to protect consumers and customers against the rising data breaches, which is costing the UK economy billions of pounds a year. Several large firms have fallen victim to breaches including eBay, Linkedin, Bupa and Zomato.

The two key factors of the GDPR regulation are simple: keep customer data secure and make marketing communications as clear as possible. Failing to uphold these standards many result in a hefty fine which is has been lifted from 500,000 euros, to 20 million euros or 4% of annual turnover. Below we explain how to incorporate these themes and make your website GDPR compliant.

Online Contact Forms

Pretty much all websites have a contact form, whether you are a local doctor’s surgery, an insurance company or restaurant – this is the simplest way for visitors to contact you directly.

To make your contact form GDPR compliant, it can help if you justify why you are asking for any details. For instance, when the user is adding their phone number or email address, it helps for information to pop up saying “This is how we will contact you” or similar.

Something compulsory to add to your contact form is having a tick box for users to confirm that they accept the terms of using your website and how they agree to be contacted.

A further tick box must be added if you wish to send further marketing communications to the customer. This tick box must be unticked when they start and you will need a specific box for each type of communication whether it is email, text message or post.

Email marketing

A key feature of the GDPR regulation is to ensure that customers or emails users do not receive unsolicited emails, whether it is companies they know or do not know. Prior to 25th May, organisations have been encouraged to email their entire list of subscribers and ask them to opt-in again to receive future email newsletters, updates and promotions.

If customers choose to ignore these emails, they will be automatically unsubscribed which has been welcomed by many who are looking to reduce their intake of promotional emails.

Moving forward, website owners must only send out email marketing material to those individual who have officially opted-in and make it easy for people to unsubscribe. Should they disobey and this is reported, they may be prosecuted by the ICO.

Privacy policy

Whilst a privacy policy has always been a key feature of any website’s footer, this is now compulsory for any active website and should include key information about how the website uses the customer’s data. Does your website send enquiries to other companies or partners? This is something you should mention clearly and include the names of partners too. The ICO have provided a sample privacy notice framework here.

Handling data

Customers now have a ‘right to be forgotten’ so that they can have their details removed from a website and the database if they request it. Webmasters should therefore have a process in place that caters for this and also facilitate a way that users can request this, whether it mentioning it clearly in their privacy policy or elsewhere on the website.

To emphasize the security of customer data, website owners are required to keep all data secured in an encrypted environment. By adding an https protocol to your website, you are helping encrypt the data that customers fill on your site.

GDPR rules highlight that all data must be stored in the EU. Whilst this can be tricky using operations and software based in the US and overseas, it is important to check that these companies are GDPR compliant whether you are working with GoDaddy, WordPress, Google, Zoho or Mongodb.

When you are making changes for your website, just remember: am I making it clear for the customer and taking their data into consideration? If so, you will be one step closer to being a GDPR champion.