This complete General Data Protection Regulation (GDPR) compliance checklist for your website will point you in the right direction when considering how the General Data Protection Regulation applies to your company. If you’ve read our Ultimate GDPR Overview, then you should have a better understanding of how the General Data Protection Regulation affects your business ecosystem.
Learn how to create a GDPR compliant website with this Complete General Data Protection Regulation (GDPR) Checklist.
Active Opt-In Forms
The biggest thing here will be allowing users to actively opt in to your services. There are many subscribe forms that pre-select the opt-in box. This is not allowed under the GDPR requirements.
Unbundled Opt-In
Each service for which the user’s data will be used must be outlined in the opt-in process. You can no longer bundle terms, agreements and offers to the user under one opt-in. You must specify each service and let the user voluntarily consent to each use of their information.
Granular Opt-In & Transparency
Your users need to be able to view separate consent policies for different types of processing. Phone, Email and Mail data usage should be clearly defined in your privacy policy. If you offer multiple products and services, then you should create separate opt-ins for each.
Growth hack tip!
Segmentation like this can and should be synced up with your CRM platform. This will jumpstart your marketing automation efforts.
Easy to Withdraw Consent
GDPR states that it must be just as easy to withdraw as it was to sign up. Make sure you keep your contact preferences page easy to find. In addition, you may consider segmenting topics of interest and providing an opt-out checkbox for each one. Including easily identifiable opt-out links in all marketing emails can also help to remain GDPR compliant.
Named Consent
Your forms should clearly identify who will be receiving the party’s information. The prior language of specifically defined categories of third-party entities is no longer acceptable. The GDPR mandates that these third parties be named.
Online Payments
If you’ve got an e-commerce website that stores customer information post-purchase, then that information must be removed after a reasonable period of time. While GDPR does not specify the time frame, you should consult with your legal team and use your best judgment to state this on your site.
Tag Manager allows you to integrate third-party vendors via the multiple tags it offers. If you work with an agency or partner that processes your Tag Manager data, then you should look to legal to get a contract in place outlining their responsibilities as a data processor to you as a data controller.
The General Data Protection Regulation travels far beyond the digital confines, as it implicitly cites data as personal information. This means that you will need to audit your business as a whole. Legal teams can help you answer other tricky GDPR questions such as:
Do I need to provide consent for past data collected via (post) mail services?
Are all my third-party vendors GDPR compliant?
What qualifications must my data protection officer have?
Can there be multiple data controllers assigned?
Not sure if your website is GDPR compliant? Contact Ironistic for a full website and marketing review.
We focus on building marketing systems and websites that respect your customers’ data and achieve your business goals.
This article does not constitute legal advice, nor is this information intended to create or rise to the level of an attorney-client relationship. You should always seek professional legal advice where appropriate.