Your Website & GDPR: What You Need to Know

GDPR comes into effect on May 25. You may be aware of the General Data Protection Regulation and how it relates to your business but did you know that it also has consequences for your website? In order to avoid being in breach of data protection laws, you should take a few minutes to consider the new requirements and determine if you’re meeting them.

First of all, every website needs a Privacy Statement and this statement should address the items of particular concern outlined below.

You are obliged to outline the kind of data that you collect from website visitors. This could be contact information on the back of a website query or an online sale. It could include geolocation information related to a mobile device.

You need to describe how your site gets this data. This could include website forms or social media interactions (such as Likes, Shares, ReTweets etc.). If you’re using a third party service such as Google Analytics for the purpose of tracking visitor traffic, this needs to be disclosed.

You’ll need to specify what you’re going to do with the data you’ve gathered. For example you might be using voluntarily submitted data to process orders or reply to online queries. The retention of personal data may be necessary for the fulfillment of a contract. These instances fall under the category of “Legitimate Interest” and are permissible by law.

Whether you know it or not, your site is probably using cookies. These are small pieces of data sent from a website and stored on the visitor’s computer – they are often used to keep track of visitor behavior (e.g. to determine if they’ve logged into a customer portal, or if they have viewed particular pages). Third party services that you may have installed such as Google Analytics also use cookies. Visitors need to be made aware of these cookies and must be given the opportunity to opt out.

Separate from the Privacy Statement is the issue of data security. When a visitor transmits data to your website, this data should be encrypted. If it isn’t, this means transmitted data is vulnerable to interception. How do you know if data from your clients is being encrypted? Go to your website and check the address bar: before the domain name does it say http:// or https://? If it’s not https://, that means traffic to your site is not encrypted. There are also other considerations that you should be aware of when it comes to data encryption – see our article on SSL certificates.

After May 25, your site could be in breach of GDPR requirements. Contact BITS today via [email protected] or give us a call on 056 7786882 to determine what needs to be done to ensure your site is compliant.