On 25th May 2018, the way in which businesses (both inside and outside the EU) are allowed to collect, store and process personal data will change forever.
It’s why your email inbox is currently awash with messages from businesses kindly asking if you can re-subscribe to their newsletter list. It’s also why Facebook and many other giants of industry are having a rather bright spotlight pointed in their direction.
If nothing else, the forthcoming GDPR rules are making it abundantly clear that personal data is just that – personal and to be used entirely legitimately.
You may have made strides towards website GDPR compliance already, but it’s highly possible you’ll have overlooked a few vital areas.
Understanding the difference between active, unbundled and granular
The three words above all refer to the type of opt-in you offer anyone who enters personal data into your website. Fall foul of their intricacies, and you might slip on one of the biggest GDPR banana skins.
Understanding all three will also make the process of checking your forms far easier.
- Active opt-in. If you have a form which includes a tick box for newsletter subscription, it must, by default, be set to whatever indicates “no, I don’t want to receive your newsletters”.
- Unbundled opt-in. Any consent you request – be it a newsletter subscription or the promise of personalised offers – must be listed separately on your forms. A typical example of this is to have two separate tick boxes for newsletter subscription and terms and conditions acceptance.
- Granular opt-in. If you want to contact people by email, telephone and snail mail, you’ll need to give them all three options as separate forms of consent.
Easy withdrawal
How easy is it for people to withdraw their consent from your marketing program? Can they do it at all?
Pick a great email marketing client, and it will include easy opt-out options for newsletter subscribers. Equally, if you have some form of customer login facility on your website, it’ll pay to have a section where they can change their subscription settings.
Naming your partners
Do you collect personal data with the intention to pass it onto partners or subsidiaries within your business? If so, you’ll need to make it ultra-clear on sign-up forms.
This is why you’ll see forms featuring tick boxes like the following:
[ ] I’d prefer not to receive updates from Bank ABC
[ ] I’d prefer not to receive updates from Bank ABC Mortgage Division
Whether you or your partner likes it or not, the name has to be there in order to comply with the GDPR’s rules.
The nuts and bolts of your website
Depending on the role your website plays, it may rely on third party services, apps and plugins to provide functionally for users.
If any of those additions come into contact with personal data (for instance, a plug-in that captures email addresses to provide access to gated content), they’ll need to be GDPR compliant.
This is why it’s worth conducting an audit of the nuts and bolts of your website (with the help of an expert) to ensure the developers behind any add-ons have their own GDPR compliance under control.
And finally…
Lots of business will be scrambling towards GDPR compliance as 25th May looms large, but if you have the basics covered, and take time to sniff out the less obvious stuff above, you’ll have a far easier time meeting the new requirements.
Lastly, a little disclaimer. The advice offered in this post is of the general variety and is certainly not legal advice. If you are at all unsure about any aspects of the GDPR and how it might impact your business, we recommend seeking professional legal input.
