The it’seeze Client GDPR Compliance Checklist
Posted on 11th May 2018 at 09:50
The General Data Protection Regulation (GDPR) comes into effect on 25th May 2018, which means if you haven’t already, it’s time to start thinking about how to make sure your it’seeze website complies with the new data protection laws.
These laws apply to every business and organisation that processes personal data from EU citizens, which is exactly what your website is doing – you can learn more about this in our blog post all about the GDPR and how it affects websites.
As the owner of your website, it is your responsibility to ensure you carry out the necessary steps to protect any personal data that comes through your site. At it’seeze, we’re making this as straightforward as possible for our clients and have already begun implementing several measures to help you achieve GDPR compliance quickly and easily.
What are it’seeze doing to help you become GDPR compliant by 25th May?
Providing all clients who have a domain registered with it’seeze with a free SSL certificate
If your website domain is not currently registered with us, please either contact your local consultant or call us on 01803 407470 and we can arrange this for you.
Revising your website’s cookie notice
Your website visitors will have the option to opt in or out of cookie use when they browse your site.
Adding a checkbox to the blog comments component
Visitors to your blog will now have to consent to having their name and comment published on your website before they submit their comment.
Modifying data access permissions for standard online shops
If you have a standard Commerce website, your customers will be able to see what data you hold on them and will also have the ability to download and delete this data.
What do you need to do to make your it’seeze website compliant before 25th May?
Disclaimer: This checklist does not constitute legal advice, nor does it contain an exhaustive list of everything you need to do to achieve full GDPR compliance. We would advise that you consult a solicitor or a certified GDPR practitioner if you have any concerns about how this new legislation will affect your business.
Delete any data stored on your website that you no longer need to keep
If you have set your website contact forms to store enquiries in lists, this will be saving personal data to your website.
To see the lists stored on your website, simply open the 'Panels' menu in edit mode and go to the 'Lists' section.
You can find more information about managing lists on your website here.
Make changes to the forms on your website
If it’s an enquiry form, make it obvious to people filling it out that they will be contacted by you by stating this in the copy above or next to the form.
Stop collecting unnecessary amounts of personal data by removing any fields from your forms that aren’t essential – for example, do you really need to know someone’s address if they are just contacting you for a call back?
Add a checkbox for consent to any forms where you are collecting data for marketing purposes, such as a newsletter sign-up form.
Review any comments that have been left on your blog
Any comments that relate to your blog posts can be kept and published, as they were submitted for this purpose.
However, if a prospective client leaves their contact details via a blog comment, this should not be published and should be deleted once you have established contact.
You can learn more about managing blog comments here.
Remove any client testimonials that you do not have written consent to use
You need explicit permission from your clients to feature a testimonial quote alongside their name and business on your website – either reach out to clients for their consent, remove these quotes, or consider using a GDPR-compliant review platform to collect and display testimonials, such as Trustpilot.
Check that all third-party companies you collect and share data with are GDPR compliant
You are responsible for making sure that any third-party tools or services you use on your website (such as iframes or widgets) are GDPR compliant. If a company is not compliant by 25th May, then it’s your responsibility to follow up with them or find an alternative provider.
By following this checklist, you’ll be able to get your it’seeze website ready for GDPR, but it is worth remembering that these new data regulations apply to all aspects of business involving personal data, not just your website. For more information and guidance on complying with GDPR, visit the Information Commissioner’s Office at ico.org.uk