5 Easy Steps for a GDPR-safe Website
This is a short guide to what to consider when it comes to GDPR-related issues and your website.
You already know about the need for quality content that speaks to your audience and engages and tells them about you, your skills and how you can help them solve their problems. You also know about the need to give visitors a good experience and a clear journey to reach your goal for them, whatever that is. I’m not covering any of that. I’m going to run through the key points to help you avoid potential pitfalls.
1. Hosting
Starting from the beginning, you should consider where your website is hosted. That means where the hosting company’s servers are and also where its parent company is located. The reason for doing this is to get your due diligence right for transferring the personal data of those who use your website. It is not just visitors, whose IP address, device ID and other data may be collected automatically: if you have a subscription or enquiry form, your potential and actual clients’ personal data will also be moving through your website’s hosting server.
If your clients are only or mainly UK-based, you may consider hosting with a UK-based hosting company.
What should you check?
As a reminder, apart from server location, your usual due diligence includes checking the hosting company’s Privacy Notice, including the security standards it commits to. If you speak to a sales or customer service representative, what impression do you get from them?
Making careful checks at the start will net you the best option and save you time later on.
Performance points you should be checking are reliability (e.g., server up-time), other customers’ reviews (e.g. on Trustpilot), and the level of customer service – how fast they respond and in what format, because when something goes wrong this becomes crucial. Of course, price will come into it, but cheap isn’t always the right choice!
2. What should you have on your website?
There are two documents you need for your GDPR-related compliance: your Privacy Notice and a Cookies Policy. The first is referred to in the legislation and the second is all about getting valid consent for collecting personal data via electronic trackers.
Privacy Notice
Your Privacy Notice – this is probably the most widely known GDPR-related document for coaches and consultants and its importance can’t be overstated. It’s how and where you tell individuals what, why and how you collect their personal data and what you do with it.
It must be clear, accurate, and understandable for your audience. It can be in whatever format you prefer and works best for your people. It could be written, a video, or any other format that will successfully get your information across. For example, Twitter has a vintage platform game version https://twitterdatadash.com/ to explain its Privacy Policy and feed into its brand image. You can style yours however you wish. Collapsible sections, bullet points, easy-to-follow headings… it’s up to you. Then ask someone who isn’t familiar with you or your business to read yours and tell you what they think it means.
Cookies
Your cookies policy – this explains what cookies are installed by your website (or app) and what they do.
What are cookies?
Cookies are pieces of code that install themselves on your browser or device to track your behaviour and preferences. They can be quite useful or just the opposite.
You should know what type of monitoring you have set up on your website and be transparent about it when your cookie banner asks for consent to install the trackers.
Don’t forget that any buttons you have that link to your social media accounts also drop cookies.
You must have consent for all but essential cookies. Google Analytics has been the subject of successful court cases in several EU countries in the last 12 months.
How can you get a cookie control set up on your website?
There are many ways to get a suitable cookie control banner set up on your website. Your web designer may be able to suggest some solutions, for example.
If your website is built on a CMS platform such as WordPress, I would suggest testing some cookie banner plugins – there are usually demo versions or at least a series of screenshots to give you a feel for whether you might like working with it.
TRIED & TESTED BY ME: I use the Complianz WordPress plugin, which I like. I use the paid-for version for added functionality, and the good news is that it can create your Cookie Policy, Privacy Policy, and Terms & Conditions documents. You use an in-built wizard to produce them, which makes it very simple.
Here is my affiliate link, which you can use if you wish: https://complianz.io/ref/374/
Keep a record of consents
Just a reminder that, where you are collecting personal data through your website, you must get proper consent for each purpose and keep a record of those consents. Link to your Privacy Notice from your cookie consent banner and from each individual consent request statement, and also include a link in your footer, for example.
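As an added illustration of the two points above (consent for all but essential cookies, and a record of each consent per purpose), here is a small consent record and gate in plain JavaScript; it is not code from the post or from any plugin it mentions. The purpose names, visitor ids and Privacy Notice version strings are constructed, and treating a consent given under an older notice version as stale is a design choice of this example.

```javascript
// Added example: a per-purpose consent record plus a gate to check before a
// non-essential tracker is loaded. Purpose names and versions are constructed.

// Purposes a site might ask about; "essential" never needs consent.
const PURPOSES = Object.freeze({
  ESSENTIAL: "essential",   // strictly necessary cookies (e.g. a session)
  ANALYTICS: "analytics",   // a statistics script
  SOCIAL: "social",         // share/follow buttons that drop third-party cookies
});
const KNOWN = Object.values(PURPOSES);

// One record per decision: who, which purposes were granted, which version of
// the Privacy Notice they were shown, and when. Unknown purposes are dropped
// and "essential" is never stored as a consent, so the record shows real choices.
function recordConsent(store, visitorId, grantedPurposes, policyVersion, timestamp) {
  const granted = [...new Set(grantedPurposes)]
    .filter((p) => KNOWN.includes(p) && p !== PURPOSES.ESSENTIAL)
    .sort();
  const entry = { visitorId, granted, policyVersion, timestamp };
  store.push(entry); // append-only: earlier decisions stay in the record
  return entry;
}

// The most recent decision for a visitor is the one in force
// (ISO-8601 timestamps compare correctly as strings).
function latestConsent(store, visitorId) {
  let latest = null;
  for (const e of store) {
    if (e.visitorId === visitorId && (!latest || e.timestamp >= latest.timestamp)) latest = e;
  }
  return latest;
}

// Gate: essential is always allowed; anything else needs a current record that
// covers the purpose and was given under the Privacy Notice version now in
// force (an older version counts as stale and the banner should ask again).
function mayLoad(store, visitorId, purpose, currentPolicyVersion) {
  if (purpose === PURPOSES.ESSENTIAL) return true;
  const c = latestConsent(store, visitorId);
  if (!c || c.policyVersion !== currentPolicyVersion) return false;
  return c.granted.includes(purpose);
}

// Withdrawing consent is simply a newer record that grants nothing.
function withdrawConsent(store, visitorId, policyVersion, timestamp) {
  return recordConsent(store, visitorId, [], policyVersion, timestamp);
}
```

Call `mayLoad` before injecting an analytics script or a social button's script, and keep the `store` somewhere durable (a database table, not only the browser) so the consents can be produced later.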
3. Terms & Conditions
There is a third item that also sits with your legal documents, and that is your T&Cs. These can be just for your website, with a separate version to send out with contracts or to link to for your online products and services. If you have a simple product range, you could have a combined document, as you can with your Privacy Notice.
You may want to have them professionally drawn up by a lawyer or use a free or paid-for template.
Be sure to link to your T&Cs from each page.
4. Security of your website
GDPR requires you to keep personal data secure at all stages of processing – this is one of the Principles of the Regulation.
Website security tips
Here are some essential website security tips:
- Use secure reputable hosting
- Make sure your Admin area is secured – strong password & MFA to start (always change defaults)
- Protect your website from hackers – use security plugins
- Use SSL/TLS (serve your site over HTTPS rather than HTTP)
- Keep everything updated
- Back up all data regularly
- Remove any unused themes and plugins
- Take care who has admin access to your site
5. WordPress useful plugins
I mentioned website plugins. Here are my TRIED & TESTED plugins:
- Cookies: Complianz – will create your Privacy Notice, T&Cs and Cookie Policy
- Analytics: Burst Statistics (by Complianz) – stores your site analytics locally
- Security: WordFence & Cloudflare (Cloudflare is installed by my hosting company)
- Google fonts: OMGF – stores your fonts locally
- Extra: not for GDPR but still a good option for your SEO: Rank Math
Free versions of all of these are available – check if they meet your needs!
These are your 5 easy steps for a GDPR-safe website!
Need more help?
Book a FREE 20-minute Introductory Chat and let’s see what you need.
Join my Jargon-Free and Shiny Facebook community group and ask questions.
Subscribe to my SBU (Small Business Update) NEWS and TIPS to stay up to date with what you should be doing and how to do it easily.
Check out my online courses (more coming!) and 1-2-1 help.
Whatever suits you and your business!