DISCLAIMER: Web Nation are NOT lawyers - This material is provided for your general information and is not intended to provide legal advice. To understand the full impact of the GDPR on your website please consult a solicitor.
The EU’s General Data Protection Regulation (GDPR) comes into effect 25 May 2018. With fines up to €20 million, or 4% of annual revenue, for non-compliance, breaches, and misuse, website owners need to make sure they are compliant as soon as possible.
All websites will need a privacy policy page stating whether you collect data on visitors, what you do with that data and how they can find out what data you hold on them and how they can have their data removed.
Below is a list of the four main types of Web Nation websites and some of the steps we think you may need to take for each type (Once again, this is NOT legal advice):
1. Brochure site with no newsletter subscribe form
- If you have a contact form on your site, it should probably have as few personal info fields as possible. Avoid collecting sensitive personal data, such as information about ethnic origin, political opinions, religious or philosophical beliefs, or genetic or biometric data.
- If you want to continue contacting visitors for marketing purposes (not just to reply to their enquiry), you will need to explain that on your contact form and get them to tick a box to consent to having their data collected. Please let us know if that is the case and we will add the tick box for you.
- If you send marketing material to previous visitors who didn't give their consent in the past, you will need to contact them again and get their consent to continue contacting them. Let us know if that is the case and we can help set up a consent page for you.
- We will be removing the ability to save web form submissions on our sites - so in future all submissions will be emailed to you in the normal way but no backups will be taken.
2. Site with newsletter subscribe form(s)
- Your webform that collects email addresses for your newsletter should be clearly marked as much - saying something like: "Provide your email address to receive newsletters" or simply "Sign up to our newsletter"
- If existing subscribers didn't give their consent in the past, you will need to contact them again and get their consent to continue contacting them.
- Your privacy policy page should explain what you do with the data you collect, how subscribers can find out what data you hold on them and how they can have their data removed
3. Sites that collect visitor statistics
- Web Nation provides the ability to collect statistics about your website visitors by using Statcounter or Google Analytics. If you are using one of these services, you should make clear in your privacy policy page that the IP addresses of visitors to the site are logged to help understand which pages are visited but that individual visitors cannot be identified from this process.
3. Ecommerce site
- You will need to get consent for any marketing activity. Contact us if you have an online shop (or any method of taking money online) and we can add a consent tick box to your shop's checkout.
- If you send out emails to previous customers with details of new offers etc, you'll need to contact them before 25 May 2018 to get their consent to continue contacting them. Let us know if that is the case and we can help set up a consent page for you.
- Your privacy policy page will need to explain that you collect data on visitors, what you do with that data and how they can find out what data you hold on them and how they can have their data removed.
4. Membership site or site where visitors have personal logins
- You should take legal advice on what you need to do based on your site's individual set-up.