This week we attended a networking meeting where we were inundated with people asking us about GDPR compliance for their websites.
And it’s clear there is still a lot of confusion around the issue.
The most common assumption was that if you didn’t get much traffic, or rarely received a contact form, you didn’t need to be GDPR compliant.
The second most common assumption was that a person’s website wasn’t collecting data. One person said “GDPR? I thought that was only necessary if you collected personal data. We don’t collect any!”
By the very nature of having a website, you are most likely collecting personal data, whether you know it or not.
Let’s unpack that a little more.
In their PDF “An introduction to the Data Protection Bill”, the ICO state that personal data is defined as any data that “[relates] to an identified or identifiable living individual.”
So it’s not all about credit card numbers and tax codes! Basically, simple and basic information such as someone’s name and email is considered to be personal data.
Here are five ways you may be collecting data:
- You have a contact form and people leave either their telephone number or email as a form of contact for you to get back to them.
- You offer a newsletter subscription service where people give you their email address
- Visitors can buy a product or service through your website
- Visitors can make a booking through your website
- You allow comments on your posts or pages which ask for an email address, or you allow people to log in with their social media profiles
Even though there is a lot of controversy around cookies, they can be very useful and help make browsing your site a more relevant and enjoyable experience for your visitors.
So what’s a cookie?
The site then ‘knows’ that you have been there before. In some cases the site will then tailor what you see: for example, an abandoned shopping cart, your social media logins so you can comment easily, knowledge that you have signed up to a mailing list so the sign-up prompt doesn’t pop up again, or other preferences that tailor the content to your interests.
- Run Google Analytics or similar
- Have social media ‘like’, ‘share’ buttons or plugins
- Show YouTube videos on your site
- Run your site through Cloudflare or a similar proxy
Websites have been running cookies for years, but until now most people haven’t been aware of them working in the background and it’s been the individual’s responsibility to either block or allow cookies using settings in their internet browser.
But now the responsibility is on you, the site owner.
So take a look at the lists above again. If your site uses any of these features, you need to ensure your site is GDPR compliant.
If you’re still confused, read through the information on the ICO website (https://ico.org.uk/) or seek legal advice.