Close close menu

Me and GDPR ... again!



I was at another GDPR workshop today and thought I would share a few things to take on board regarding your website.


The bottom line is that you need to:


  • Only collect data you need
  • Only retain the data for a reasonable length of time
  • Tell people what you will do with the data you collect
  • Ensure you only use it for the purpose you state
  • Make sure that you get real consent i.e. you are not using pre-ticked boxes on your website and that the visitor has to actively tick an opt in box
  • Have a clear GDPR compliant privacy policy on your website
  • Make it easy for people to unsubscribe from your newsletters or emails

New GDPR rules


Permissible processing


For most companies there are 4 legal bases on which data can be collected, stored and used under GDPR:


  • Contractual – if you need the data to full the contract e.g. a delivery address
  • To fulfil legal obligations – for example, recording details of accidents on site or complying with regulations
  • With the informed consent of the people whose data you collect and use
  • To pursue legitimate interests – HR, marketing etc

I believe that my mailing list is a good example of a legitimate interest. The only people on my mailing list are clients who I feel will benefit from information about things like GDPR, changes on the web, new technology or services that may benefit their business. There is a legitimate reason for me sending them a newsletter.


I do not add anyone other than clients to my mailing list. Everyone else will have actively signed up themselves.


So, what if you have a sign up forms on your website?


If you have newsletter sign up forms on your website they need to clearly state what you will be using the data you collect for and ensure people can unsubscribe easily if they wish to.


This is what I say on our website: “The purpose of our newsletter is to provide you with information about changes on the web, tutorials, help and advice that we hope will interest you and ensure you are making the most of new technology. We may also present case studies and articles about local businesses and the community. We like to think our newsletters are relevant and useful but if you change your mind about receiving them it is very easy to unsubscribe using the link at the bottom of the newsletter. And, just so you know, we will absolutely NOT pass your details on to third parties.”


When we set up newsletter sign up forms for our clients we use Mailchimp so there is a double opt in, which means that if a visitor completes the online form they will also receive an email with a link to click and verify that it was definitely them that signed up.


There is also a very clear unsubscribe option on Mailchimp newsletters.


If you have any other forms on your website that are not associated with Mailchimp you need to make sure that tick boxes are opt in and NOT opt out. This may occur if you have an online shop where, at the checkout stage, you ask purchasers if they also wish to receive your newsletter. Our advice is that you check your forms.


A little attention to detail now may save you unnecessary pain further down the road.


Make sure you have a privacy policy on your website


Yes, that again. Sorry to harp on. But it is important that, if you are collecting data on your website, you display a GDPR compliant privacy policy. You can write this yourself. Alternatively, if you would like me to send you an example of one that you can customise simply email


Finding out more


Rather than stick your head in the sand, it’s probably a good idea to attend a GDPR workshop. The one I attended today was free and run by the Cambridgeshire Chamber of Commerce. Contact your local Chamber to see what support they are offering.


Finding out more about GDPR


The best online reference is the Information Commissioner’s Office which has the most up to date information on GDPR.