GDPR

The General Data Protection Regulation (GDPR) is the European Union's law on data protection and privacy for all individuals within the EU. It applies to any organisation that processes their personal data, and it becomes enforceable on 25 May 2018.

We have set out guidelines on what you need to do and what we can do for you.

What you need to do:
  1. Re-write your Privacy Policy according to the ICO GDPR guidelines. It can no longer be a generic 'template' style Privacy Policy: it must clearly state what personal data the company collects, why, and what it does with that data once it is collected.
  2. Go through your website and consider where consent needs to be collected on forms, ecommerce checkouts, email signups etc. For example, use separate opt-in tick boxes, unticked by default, for signing up to a newsletter, third-party marketing, phone marketing and so on; a single bundled tick box, or one that is pre-ticked, is not valid consent. See the ICO GDPR guidelines for details. If you need to change the forms/checkouts on your website and can't do it yourself, you should instruct us to make these updates.
What we can do for you:

Forms
i. We can update forms on your website to ensure opt-in tick boxes are in place where required.
ii. The majority of form plugins used on WordPress websites also save every submission to the site's MySQL database, where it remains indefinitely unless something removes it.
We can:
a. Add a scheduled function that deletes stored submissions older than 60 days, so data is held for no longer than that.
b. Turn off database storage of submissions altogether (NOTE: if the form ever stops sending emails because of a technical error, those enquiries will be lost, as there is no stored copy to recover them from).
c. Leave it as is because you need the data from these forms to be kept on the database (NOTE: the GDPR storage limitation principle, Article 5(1)(e), requires that personal data be kept no longer than necessary for the purpose it was collected for).

E-Commerce websites
i. We generally install WooCommerce on our WordPress websites which comes with a default Terms and Conditions / Privacy opt-in tick box that can be added to the checkout. If your website doesn’t currently have this in place we can add it in.
ii. If the checkout is linked to a MailChimp account the customer must be made aware and be allowed to opt-in. If this is not the case we can change this.
iii. WooCommerce stores order data, including the customer's name, address and contact details, in the MySQL database indefinitely.
We can:
a. Add a scheduled function that deletes orders older than 60 days, so order data is held for no longer than that (NOTE: order records are also accounting records, so check how long you are required to keep them before choosing this option).
b. Leave it as is because you need the data from these orders to be kept on the database (NOTE: the GDPR storage limitation principle requires that personal data be kept no longer than necessary for the purpose it was collected for).
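The "scheduled function" offered for form submissions and for WooCommerce orders above is, in practice, a WP-Cron job that deletes records older than the retention period. The following is an added example written for this page, not code from WooCommerce, from any form plugin, or from the agency. It assumes a hypothetical form plugin table named {prefix}form_entries with a created_at DATETIME column; real form plugins use their own table and column names, so check the plugin's schema before using it.

```php
<?php
/*
Plugin Name: Retention Purge (added example)
Description: Deletes stored form submissions and old WooCommerce orders once they pass a retention period.
*/

// Retention period in days. 60 matches the figure quoted on this page; set it to whatever
// your Privacy Policy states.
define( 'RP_RETENTION_DAYS', 60 );

// ASSUMPTION: the form plugin keeps submissions in {prefix}form_entries with a DATETIME
// column `created_at` stored in UTC. Adjust both to the plugin actually installed.
define( 'RP_FORM_TABLE_SUFFIX', 'form_entries' );

// Schedule a daily purge when the plugin is activated, and remove the schedule on deactivation
// so no orphaned cron event keeps firing.
register_activation_hook( __FILE__, function () {
    if ( ! wp_next_scheduled( 'rp_purge_event' ) ) {
        wp_schedule_event( time(), 'daily', 'rp_purge_event' );
    }
} );
register_deactivation_hook( __FILE__, function () {
    wp_clear_scheduled_hook( 'rp_purge_event' );
} );

add_action( 'rp_purge_event', 'rp_purge_form_entries' );
add_action( 'rp_purge_event', 'rp_purge_old_orders' );

// Delete form submissions older than the retention period. The cutoff is bound through
// $wpdb->prepare() rather than interpolated into the SQL; the table name comes from a
// constant, never from user input. Returns the number of rows deleted, or false on error.
function rp_purge_form_entries() {
    global $wpdb;
    $table  = $wpdb->prefix . RP_FORM_TABLE_SUFFIX;
    $cutoff = gmdate( 'Y-m-d H:i:s', time() - RP_RETENTION_DAYS * DAY_IN_SECONDS );

    $deleted = $wpdb->query(
        $wpdb->prepare( "DELETE FROM `{$table}` WHERE created_at < %s", $cutoff )
    );
    if ( false === $deleted ) {
        error_log( 'rp_purge_form_entries: ' . $wpdb->last_error );
    }
    return $deleted;
}

// Permanently delete WooCommerce orders older than the retention period. Only finished
// orders are touched; anything still being processed or on hold is left alone.
// Returns the number of orders deleted.
function rp_purge_old_orders() {
    if ( ! function_exists( 'wc_get_orders' ) ) {
        return 0; // WooCommerce not active on this site
    }
    $cutoff = time() - RP_RETENTION_DAYS * DAY_IN_SECONDS;
    $orders = wc_get_orders( array(
        'limit'        => -1,
        'status'       => array( 'wc-completed', 'wc-cancelled', 'wc-refunded', 'wc-failed' ),
        'date_created' => '<' . $cutoff,
    ) );

    $count = 0;
    foreach ( $orders as $order ) {
        $order->delete( true ); // true bypasses the trash and removes the order for good
        $count++;
    }
    return $count;
}
```

Two caveats when deploying something like this: WP-Cron only runs when the site receives traffic, so on a quiet site trigger wp-cron.php from the server's own cron to guarantee the daily run; and deleting rows from the live database does nothing to database backups, which need their own retention period so the purged data does not live on in them indefinitely.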

Membership websites
i. Websites that store personal information in member accounts are subject to GDPR. Any personal data kept in the live database must be there for a reason (e.g. processing purchases, displaying a location on a map). Data that is no longer needed for such a purpose should come out of the live database: either deleted, or, where you still need a record of it, exported and kept offline. Take particular care with special category data such as medical, biometric and genetic data, and with data about criminal convictions and offences, which carry extra safeguards; see Articles 9 and 10 of the regulation (pages 38 – 39).
We can:
a. Help remove any data which can no longer be kept in the live MySQL database within a WordPress site.
b. Help export any data which can no longer be kept in the live MySQL database within a WordPress site, so that it can be retained as an offline record.

MailChimp
i. If you send out different types of mailer, e.g. marketing/advertising, newsletter etc., your list will need a group for each type so that a contact's consent to one does not get used for another. We can create these groups within your MailChimp list.
ii. Under GDPR, consent must be specific to each purpose, so signup forms need a separate checkbox, unticked by default, for each type of marketing email or newsletter, and a separate one if you rely on consent to store the contact's data. We can add these checkboxes to your website signup forms.
iii. You will need to collect GDPR-standard consent from the contacts you already have, unless you can show that the consent you already hold meets that standard. An email will need to be sent to everyone on your list that includes a link to update their preferences. You can send out the consent email yourself or we can do it.
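The opt-in described for MailChimp-linked checkouts in the E-Commerce section, and the separate-checkbox-per-purpose rule above, come down to the same implementation pattern: a consent checkbox that is optional, unticked by default, separate from the terms and conditions box, and whose answer is recorded. The following is an added example written for this page, not code from WooCommerce, from MailChimp, or from the agency; the field name cmo_marketing_optin and meta key _cmo_marketing_optin are names chosen for the example.

```php
<?php
/*
Plugin Name: Checkout Marketing Opt-in (added example)
Description: A separate, unticked marketing consent checkbox on the WooCommerce checkout, recorded on the order.
*/

// ASSUMED names for the checkout field and the order meta key.
const CMO_FIELD    = 'cmo_marketing_optin';
const CMO_META_KEY = '_cmo_marketing_optin';

// Render the checkbox just before the "Place order" button, i.e. alongside but separate from
// WooCommerce's own terms and conditions checkbox. It is optional and unticked by default:
// a pre-ticked box is not valid consent under GDPR, and marketing consent must not be
// bundled into accepting the terms.
add_action( 'woocommerce_review_order_before_submit', function () {
    woocommerce_form_field(
        CMO_FIELD,
        array(
            'type'     => 'checkbox',
            'class'    => array( 'form-row-wide' ),
            'label'    => 'Email me news and offers (you can unsubscribe at any time)',
            'required' => false,
        ),
        false // current value: unticked
    );
} );

// When WooCommerce builds the order object from the submitted checkout, store the customer's
// choice and, for a positive answer, when it was given. That gives you a per-customer record of
// consent (or refusal) to point to later. WooCommerce has already verified the checkout nonce
// by the time this hook runs, and it saves the order straight after it.
add_action( 'woocommerce_checkout_create_order', function ( $order, $data ) {
    $opted_in = ! empty( $_POST[ CMO_FIELD ] );
    $order->update_meta_data( CMO_META_KEY, $opted_in ? 'yes' : 'no' );
    if ( $opted_in ) {
        $order->update_meta_data( CMO_META_KEY . '_at', gmdate( 'c' ) );
    }
}, 10, 2 );

// For whatever pushes contacts to the mailing list: only a positive, recorded opt-in counts.
// Absence of the meta key (e.g. an order placed before this was installed) is treated as no consent.
function cmo_order_has_marketing_consent( WC_Order $order ) {
    return 'yes' === $order->get_meta( CMO_META_KEY );
}
```

Only customers for whom cmo_order_has_marketing_consent() returns true should be passed to MailChimp, and into the group matching the mailer they agreed to. The same three properties (optional, unticked, recorded with a timestamp) are what the per-purpose checkboxes on a newsletter signup form need as well.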

In order to go ahead with GDPR related work, please email info@thedesignworks.co.uk