Print, Design & Websites

Posted: May 9, 2018   •   Posted in: Company News, Marketing Tips, Website Design

GDPR and your website – what should you be doing?

The General Data Protection Regulation (GDPR) comes into force on 25th May 2018 and as an owner of a website you need to consider how these regulations affect you.

Protecting your data and that of your customers is vital to the success of your business. The new regulations provide a framework to allow you to do this. The following points are some of the areas you need to consider if you own a website:

Sign up forms

Make sure you don’t have any pre-ticked boxes such as ‘If you don’t wish to receive information from us please untick the box‘. This is not allowed under the new regulations. You must make it clear and easy for someone to give their consent – you cannot automatically assume it. You must also make it easy for someone to opt-out of being contacted by your company. The GDPR introduces a right for individuals to have personal data erased (the right to be forgotten).

Privacy policy/notice

Review your privacy policy and update it as necessary. You must have a privacy notice on your website. Your privacy notice needs to include 3rd parties you may share your data with.

Cookie policy

Review your Cookie policy and how you ask your visitors to give consent to using these cookies.

Contact forms

Do you make it clear on how someone’s information will be used once they have given you their details? Does your website store this data in a database?

Ecommerce websites

If you have an ecommerce website do you have an SSL certificate? Do you have policies in place regarding the collection of credit card transactions and how long you keep the data on transactions?

Be clear on the use of the data

Make sure you are clear on what you will do with a visitor’s data once they have been in contact or bought from you – you cannot assume you can just market to them if you haven’t asked for their consent or made it clear how you will use their data. This is particularly important if you are selling to consumers, sole traders or partnerships.

Review your passwords

If you have a content managed website where you update the content yourself make sure you have a robust password in place. Weak passwords such as admin or password leave your site open to hackers being able to access your database, and therefore your data.

Not just your website

And don’t forget, it’s not only your website that needs to be compliant. If you handle personal data in your business you need to understand the principles of GDPR and have suitable policies and systems in place to adhere to the regulations.

How can Kall Kwik Bury St Edmunds help ensure you’re GDPR compliant?

If we manage your website for you we can guide you on many of the areas above and implement some of the changes for you. Don’t leave it too late – we are less than 3 weeks away from the new regulations coming into being.

Further information on GDPR

Further information on the regulations can be found at

Read more: ‘Survive a website hack [How to guide]’ » 

Read more: ‘POP, IMAP and Exchange, what’s the difference?’ »