What makes a site GDPR compliant?
It’s Monday again, and I thought I could try to give some tips on how to make your website GDPR compliant. I am not going to explain how to do it; I am merely going to give some pointers. A quick disclaimer: I am not a lawyer, so don’t take my advice as legal advice. The basic idea is that:
You must be able to prove that you have been given explicit consent to hold the data and for what it will be used, and the user must be able to withdraw that consent at any time. You need to ask yourself questions about your data collection processes. These questions could be something like:
- What are you using the data for?
- Where is the data being stored?
- Do you still need to hold the data?
In general, every website needs to have the following components:
- Cookie & privacy popup notice
- SSL certificate
- Newsletter signups should clearly offer opt-in and opt-out options and store consent receipts
- Contact forms should have a consent field
There are a thousand things that need to be done, but I am sticking to the bare minimum. I am also not giving any details on implementing this, because if I do you might go about it incorrectly. My point isn’t to teach anyone the procedures but to make the point that you should find a way to become compliant sooner rather than later.
If these tasks seem daunting, get someone to handle them for you. By someone I mean an actual professional. If you have any questions, feel free to contact me at firstname.lastname@example.org