Me and GDPR ... again!
I was at another GDPR workshop today and thought I would share a few things to take on board regarding your website.
The bottom line is that you need to:
For most companies there are 4 legal bases on which data can be collected, stored and used under GDPR:
I believe that my mailing list is a good example of a legitimate interest. The only people on my mailing list are clients who I feel will benefit from information about things like GDPR, changes on the web, new technology or services that may benefit their business. There is a legitimate reason for me sending them a newsletter.
I do not add anyone other than clients to my mailing list. Everyone else will have actively signed up themselves.
So, what if you have sign up forms on your website?
If you have newsletter sign up forms on your website they need to clearly state what you will be using the data you collect for and ensure people can unsubscribe easily if they wish to.
This is what I say on our website: “The purpose of our newsletter is to provide you with information about changes on the web, tutorials, help and advice that we hope will interest you and ensure you are making the most of new technology. We may also present case studies and articles about local businesses and the community. We like to think our newsletters are relevant and useful but if you change your mind about receiving them it is very easy to unsubscribe using the link at the bottom of the newsletter. And, just so you know, we will absolutely NOT pass your details on to third parties.”
When we set up newsletter sign up forms for our clients we use Mailchimp so there is a double opt in, which means that if a visitor completes the online form they will also receive an email with a link to click and verify that it was definitely them that signed up.
There is also a very clear unsubscribe option on Mailchimp newsletters.
If you have any other forms on your website that are not associated with Mailchimp you need to make sure that tick boxes are opt in and NOT opt out. This may occur if you have an online shop where, at the checkout stage, you ask purchasers if they also wish to receive your newsletter. Our advice is that you check your forms.
A little attention to detail now may save you unnecessary pain further down the road.
Finding out more
Rather than stick your head in the sand, it’s probably a good idea to attend a GDPR workshop. The one I attended today was free and run by the Cambridgeshire Chamber of Commerce. Contact your local Chamber to see what support they are offering.
The best online reference is the Information Commissioner’s Office which has the most up to date information on GDPR.