Preparing for the upcoming GDPR data law.
While it's not the most pleasant exercise, it's not a task to ignore.
Suzie Penney
General Manager
What is the GDPR?
The General Data Protection Regulation (GDPR) is a new EU regulation that will bring big changes to the way businesses are allowed to use people's personal information. It applies from 25 May 2018 and means you'll have to review all the ways in which you collect, record, store and manage any personal data.
The way the GDPR will affect your business depends on how it works with information. This can be a complex picture and you’ll need to conduct a data audit to get to grips with your obligations. You might even want to get legal guidance to ensure your business complies with the new rules.
For detailed official information about getting your business ready for the GDPR, visit the Information Commissioner’s Office (ICO) website. This is also the place to register your organisation as a Data Controller, if this isn’t already done.
What GDPR could mean for your business
It's legally binding
It covers the whole life cycle of personal data
The GDPR needs a business-wide approach
It's all about open, honest usage of personal data
Good security is essential
You'll need to get on top of your information systems
A website and digital marketing GDPR checklist
1. Does your website use contact forms?
If so, you’ll need to be clear about why you’re collecting people’s personal data and what you will do with it. An opt-in tick box is advisable to get visitors’ permission before they submit their details. Once you hold personal data, you need to protect it. That means knowing where the information is stored (including copies in email inboxes and third-party form services) and having a system in place to allow users to view or update it on request. People also have the right to be ‘forgotten’, that is, to have their data erased completely from your records, unless you have a legal reason to keep it, such as accounting records you must retain.
2. Do your website users register or sign up for services?
Again, anyone submitting personal information to your website will need to know exactly how their data will be used. Plus you’ll need to keep their information safe and have a procedure to allow users to access, update or erase their records.
3. Do you use a live web chat facility?
If you use a live chat system on your website, this needs to be GDPR compliant too. Make sure any third-party service you use for this follows the new rules. If you use Facebook Messenger or any other social media for exchanging private data, it’s best to ensure all conversations are deleted once you’ve stored the information you need in the right place.
4. Is your website secure enough?
The GDPR puts a responsibility on organisations to protect any personal data they hold, which makes maintaining a secure online presence more important than ever before. Check that your web hosting offers good security, keep WordPress websites (core, themes and plugins) updated to the latest version, and use strong, unique passwords for admin accounts. If you suffer a personal data breach that is likely to put people at risk, you must report it to the ICO within 72 hours of becoming aware of it; where the breach is likely to result in a high risk to the people affected, you must also tell them without undue delay. Keep a record of every breach, including those you decide don't need reporting.
5. Does your website use SSL encryption?
An SSL certificate (strictly a TLS certificate, but ‘SSL’ is still the common name) is indicated by your web address starting with ‘https://’ instead of ‘http://’. It encrypts the connection between a visitor’s browser and your web server, so form submissions, logins and anything else a user sends you can’t be read or altered in transit. SSL was once recommended mainly for online businesses that handle transactions, but it’s becoming the standard for all websites, and it is one of the simplest ways to show you have taken appropriate technical measures to protect personal data as the GDPR requires (the regulation names encryption as an example of such a measure, although it doesn’t make HTTPS mandatory). Plus, Google treats HTTPS as a ranking signal, so it’s well worth upgrading. Once you have, redirect all ‘http://’ traffic to ‘https://’ so that personal data is never submitted over the unencrypted version of your site.
6. Do your website cookies and cookie policy comply with GDPR?
Cookies are small pieces of data that your website asks a visitor’s browser to store and send back with later requests. They are used for purposes such as keeping a user logged in, remembering what is held in an online shopping cart until a transaction is complete, and gathering analytics data. The chances are your website uses them. Where a cookie holds a unique identifier that can single out a visitor (an analytics client ID, for example), it counts as personal data under the GDPR, and non-essential cookies such as analytics and advertising cookies need the user’s consent before they are set. Cookies that are strictly necessary for a service the user has asked for, such as a login session or a shopping cart, don’t need consent. To be on the safe side, use a consent tool that actually blocks non-essential cookies until consent is given, rather than one that merely announces that cookies are in use, and let users select which types of cookie they choose to accept. Your Cookie Policy will probably need updating to list the cookies you set, what each one is for, and how users can withdraw consent.
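As an added illustration of the “block until consent is given” approach (this is example code, not Matrix’s or any consent vendor’s), the snippet below keeps a registry that maps each cookie your site sets to a category, allows essential cookies unconditionally, and refuses to set anything else until the user has opted in to that category. Anything not in the registry is treated as non-essential and blocked, so a forgotten tracking cookie fails closed rather than open. The cookie names and categories in the registry are assumptions for the example; replace them with the cookies your own site actually sets. The `document`-like object is passed in so the gate can be exercised outside a browser.

```javascript
// Added example: default-deny cookie gating for a consent banner.
// Cookie names and categories below are illustrative assumptions.

// Every cookie the site sets, with its category. Unlisted cookies are
// treated as non-essential and are blocked until the user opts in.
const COOKIE_REGISTRY = {
  session_id: "essential", // login session: strictly necessary, no consent needed
  cart: "essential",       // shopping basket: strictly necessary
  _ga: "analytics",        // assumed analytics client ID cookie
  _gid: "analytics",
  ad_pref: "marketing",    // assumed advertising preference cookie
};

// Consent as recorded by the banner. Essential is always allowed; the
// other categories default to "not consented" when absent.
function normaliseConsent(consent) {
  const c = consent || {};
  return {
    essential: true,
    analytics: c.analytics === true,
    marketing: c.marketing === true,
  };
}

// Category lookup; anything unknown fails closed.
function categoryOf(name) {
  return Object.prototype.hasOwnProperty.call(COOKIE_REGISTRY, name)
    ? COOKIE_REGISTRY[name]
    : "unknown";
}

// The gate: may this cookie be stored given the recorded consent?
function mayStoreCookie(name, consent) {
  const category = categoryOf(name);
  if (category === "unknown") return false;
  return normaliseConsent(consent)[category] === true;
}

// Parse a document.cookie style string ("a=1; b=2") into cookie names.
function cookieNames(cookieString) {
  return (cookieString || "")
    .split(";")
    .map((part) => part.trim())
    .filter((part) => part.length > 0)
    .map((part) => part.split("=")[0].trim());
}

// Cookies already present that are not covered by the current consent,
// e.g. after the user clicks "reject" or withdraws consent later. The
// banner should expire each of these (set Max-Age=0 on the same path).
function cookiesToClear(cookieString, consent) {
  return cookieNames(cookieString).filter((name) => !mayStoreCookie(name, consent));
}

// Gated setter. `doc` is the browser's document (or a stand-in object with
// a `cookie` property). Returns true only if the cookie was written.
function setCookieIfAllowed(name, value, consent, doc) {
  if (!mayStoreCookie(name, consent)) return false;
  doc.cookie = `${name}=${encodeURIComponent(value)}; Path=/; Secure; SameSite=Lax`;
  return true;
}
```

Wire the banner’s “accept selected” handler to store the consent object, call `cookiesToClear` on `document.cookie` to expire anything the user has not agreed to, and route every place your code sets a cookie through `setCookieIfAllowed`. Third-party scripts that set their own cookies (analytics tags, for example) should only be loaded once the relevant category has been consented to, since this gate can’t intercept cookies set by scripts it doesn’t control.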
7. Do you use email marketing?
The practice of sending marketing messages by email is already regulated, but the GDPR brings stronger measures to protect individuals’ data. You’ll now need to get explicit permission to send marketing messages, and people should know exactly what you intend to use their details for. Pre-checked boxes that simply assume permission are a no-no. You must also offer a clear way for email subscribers to view and update their information freely, to opt out, and to have their details erased if requested. If you use a reputable third-party email service such as MailChimp, there will be robust measures in place to store individuals’ data securely, keep a record of when consent was granted, and provide an opt-out link in every mailing. But the service is acting as your data processor: your business remains responsible for ensuring that the contacts you add to the mailing list yourself have granted permission. Plus, it’s advisable to review your current mailing list to ensure GDPR compliance (you might even want to ask existing subscribers to actively opt in again, particularly if you can’t show when and how consent was given in the past).
8. Are your regular emails GDPR compliant?
Your day-to-day emails are another area affected by the GDPR. It’s important to have the right security measures in place, such as effective anti-virus software and encryption. But you’re also advised to create a good data protection routine. This might include extracting personal data from incoming emails to store in your regular secure place for this kind of information, then deleting the email. It’s also good practice to archive or delete emails as you go, to avoid stockpiling personal data in inboxes where you lose track of it.
9. Do you have a procedure in place for personal data requests?
Under the GDPR, anyone has the right to ask what personal information your business holds about them, and you must respond within one month (extendable by a further two months for complex requests), normally free of charge. You’ll need a well-managed system for organising this data so you can actually find everything you hold about a person, and a way to deal with enquiries. You might wish to make a Data Subject Access Request form available through your website.
If you'd like Matrix to help with any of these areas of GDPR compliance, get in touch with us. We'll be happy to quote for the changes we can make – and to point you in the right direction for anything else you need.
Disclaimer: This article offers general advice about GDPR and guidance on where to find further information about making your organisation compliant. It should not be taken as legal advice.