If you live in the U.K., you’ll have noticed the slew of emails flooding into our inboxes during the past month informing us of the need to opt into email marketing and newsletters. This is all thanks to the GDPR (General Data Protection Regulation).
GDPR, What the Heck!?
The new regulations tighten up laws surrounding how companies and websites store and use your personal data. Data here is defined as anything which identifies you. This can range from something as simple as your name or date of birth to email addresses or cookies tracing your net use.
For anyone running a website, the GDPR raises a few issues. If your site is operating in the U.K., you must be compliant. The ICO (Information Commissioner’s Office) have a range of penalties they can issue for GDPR infringement, ranging from warnings and temporary bans on data processing to fines. Fines can be up to $20 million or four percent of a company or site’s average turnover, whichever is higher. For cammers in the U.K. running their own sites, this could hit them hard.
Some Compliance Tips
GDPR compliance sounds scary but it doesn’t have to be. We have known this was in the pipeline for a little while, and there are plenty of tools out there to help you bring your site up to code.
So, what should we know?
Cookie policies are mentioned in the GDPR
Cookies identify users to your site and collect information for traffic analytics and advertising purposes. Because they can identify a user by their device, this is considered personal data.
If your site is using email marketing, you need to make sure users are opted in and that you can prove they have consented to receiving your messages. This means no more pre-ticked boxes on email contact. If you can’t prove consent but know your subscribers opted in, tighten up your record-keeping procedures in the future. Make sure you include an unsubscribe link at the bottom of all emails so it’s easy to opt out.
Contact forms are one common way sites collect data from users. Good GDPR-relevant ideas include justifying why you are asking for the information on the contact form and adding a consent box to your contact form so users can show they agree to you collecting this information and contacting them. Don’t keep contact forms longer than is necessary.
Also, to protect customers’ data, site owners need to have an encrypted storage environment. Enabling HTTPS on your site encrypts customers’ data in transit between their browser and your server.
What does an expert say?
Records Management Consultant Emily Overton had this to say about the GDPR:
Data protection is everybody’s responsibility. Though somewhat overwhelming and onerous, in building a good reputation and maintaining users’ confidence, the GDPR stands to benefit us all.
Editor’s note: GDPR regulations are complex. This post is not intended to be the last word in GDPR dealings. Do your due diligence to ensure you are compliant and effective in your dealings.
Katy Seymour is a super-sex-positive writer in the U.K. who believes kink is life. Email her at firstname.lastname@example.org.
Image via Pawe Sobocinski.