Is your website up to speed with the European privacy law GDPR? No? Or maybe you’re thinking, ‘Uh, I have no clue’? If that’s you, this blog is your go-to resource.
I’m here to break down what this privacy law means, how it impacts your website, and give you a helpful checklist to kickstart compliance right away. Ready to dive in? Let’s go!
This privacy law, officially called the General Data Protection Regulation (GDPR), has been a big deal across Europe since 2018. The aim of GDPR is to give individuals more control over their personal data. Personal data is any info that can identify a person, like their first and last name, address, phone number, email address, and so on. Basically, anything that can be traced back to an individual.
Nowadays, it feels like your data is being tracked everywhere you go online. Ever noticed how ads from a site you just visited follow you around? This law is designed to protect consumers from such practices and prevent data breaches.
❗️It doesn’t matter where your business is located – if you’re dealing with anyone in the EU, you’ve got to be on board.
Most likely, you’ll need to get on board with GDPR. This regulation affects any business dealing with personal data from people in the EU, even if your company is based elsewhere.
Consider these scenarios: if any of them ring true, it’s time to get your website in line with GDPR:
You offer freebies on your site in exchange for email addresses through Flodesk or Mailchimp
Here’s a quick checklist to make your website GDPR-compliant:
To protect your customers’ data, make sure your site has an SSL certificate. Just look for the ‘HTTPS’ in your URL or that little padlock symbol in the browser’s address bar. Trust me, it’s a straightforward step that’ll boost your credibility and safeguard personal information.
Getting an SSL certificate is easier than you might think! Just get in touch with your web hosting provider to set it up.
Already using Showit? Good news! Your website comes with SSL security built-in, thanks to their inclusive hosting options. If you’ve got any questions, just reach out to their helpful support team.
GDPR guidelines suggest that your contact forms should stick to the bare essentials – only collect what’s truly necessary for the service you’re offering. Do you really need someone’s phone number or address? If not, leave them out!
A common mistake (and yup, I’ve been there too) is offering a freebie through a form in exchange for an email address and then automatically adding those people to your newsletter list. That’s a definite no-go. Just because someone downloads your freebie doesn’t mean they’ve agreed to receive your newsletter.
If you’re offering a freebie on your website and want them to sign up for your newsletter as well, don’t forget to ask for explicit consent. Photographers, this also goes for when you’re sharing a pricing guide for email sign-ups!
Not sure if your forms are up to GDPR standards? Take a look at the examples below:
By clearly indicating the purpose of your form here, you don’t need to ask for explicit consent.
You can add this form to your site, but remember – it’s for sending the price guide alone. In this situation, the visitor hasn’t opted in for your newsletter, so sending it is a no-go.
This form is misleading because it doesn’t clearly offer the option for users to say “yes” to newsletter sign-ups.
In this situation, you can send both the pricing guide and the newsletter because it’s clearly mentioned in the title. It’s safe to assume the visitor agrees to receive both.
You shouldn’t make someone subscribe to your newsletter just to get your pricing guide. If they are forced to sign up to access it, that’s not really giving them a choice, is it?
Here’s a winning form! It lets visitors ask for a brochure and offers the chance to opt into your newsletter. Only those who tick that box will get the newsletter, ensuring everyone’s preferences are respected.
You must include a privacy statement on your site if you’re collecting personal data. This lets visitors know why you’re collecting their data and what you’ll do with it.
A privacy statement needs to cover a lot of ground: your contact details, the data you collect, the legal basis for doing so, etc. It might sound daunting, but don’t worry: get a lawyer to draft it or use a privacy generator like this one from CookieYes.
Typically, you place the privacy statement on a dedicated page or in a PDF linked in your website’s footer.
So you’ve got cookies on your site, huh? Whether it’s through tools like Google Analytics or Facebook Pixel, you have to have a cookie policy on your website. Plus, you’ll need to use a cookie banner to get user consent.
Cookies are small text files stored on your visitors’ devices. They remember details such as where your users are based or their preferred language, making returning visits smoother.
Cookies are generally sorted into three categories:
It’s essential to get user consent for analytics and tracking cookies, so having a clear cookie policy and banner is key!
A cookie policy explains which cookies your site uses and why. You can easily create one with templates like this one from CookieYes.
Key info to include:
A cookie banner is a pop-up that appears on your website to let visitors know about cookie usage and gives them the option to accept or decline them. It’s super important for users to actively choose whether they want to accept or reject cookies. Cookies shouldn’t start working without getting visitors’ consent first.
Here, cookies are being used without the user’s permission, and there’s no option given to decline them.
In this cookie banner, users can choose to accept all cookies, reject them, or go to settings to only accept selective cookies.
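Here’s one way the “no cookies before consent” rule can be enforced in code. This is an added example, not part of the original post and not CookieYes or Cookiebot code. The cookie name `site_consent`, its value format, the `functional` category and the sample tag URLs are assumptions made for illustration.

```javascript
const CONSENT_COOKIE = "site_consent";          // hypothetical cookie name
const ALWAYS_ALLOWED = new Set(["functional"]); // assumption: needs no opt-in
const OPT_IN = ["analytics", "tracking"];       // categories that need consent

// Read "site_consent=analytics:1|tracking:0" from a document.cookie string.
// Missing, malformed or unknown entries all count as "not consented".
function parseConsent(cookieString) {
  const consent = { analytics: false, tracking: false };
  for (const part of String(cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1 || part.slice(0, eq).trim() !== CONSENT_COOKIE) continue;
    let value;
    try {
      value = decodeURIComponent(part.slice(eq + 1).trim());
    } catch {
      return { analytics: false, tracking: false }; // broken encoding: deny
    }
    for (const pair of value.split("|")) {
      const [name, flag] = pair.split(":");
      if (OPT_IN.includes(name)) consent[name] = flag === "1";
    }
  }
  return consent;
}

// Turn the visitor's banner choice into a Set-Cookie style string.
// "Reject all" is simply { analytics: false, tracking: false }.
function serializeConsent(choice) {
  const body = OPT_IN.map((c) => `${c}:${choice[c] === true ? 1 : 0}`).join("|");
  return `${CONSENT_COOKIE}=${encodeURIComponent(body)}; Path=/; SameSite=Lax; Secure`;
}

// Keep only the tags whose category the visitor has allowed.
function tagsToLoad(tags, consent) {
  return tags.filter((t) => ALWAYS_ALLOWED.has(t.category) || consent[t.category] === true);
}

// Constructed sample tags; the URLs are placeholders.
const SAMPLE_TAGS = [
  { name: "language-preference", category: "functional", src: "/js/lang.js" },
  { name: "analytics", category: "analytics", src: "https://analytics.example/tag.js" },
  { name: "ad-pixel", category: "tracking", src: "https://pixel.example/p.js" },
];

// In a browser, inject only the permitted scripts (skipped outside one).
if (typeof document !== "undefined") {
  for (const tag of tagsToLoad(SAMPLE_TAGS, parseConsent(document.cookie))) {
    const s = document.createElement("script");
    s.src = tag.src;
    document.head.appendChild(s);
  }
}
```

A first-time visitor has no consent cookie, so only the functional tag loads; the analytics and tracking scripts stay off until the banner stores a “yes” for their category.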
There are plenty of tools out there to add a cookie banner to your site. For WordPress, plugins like Cookiebot are great. For a Showit website, you can use a cookie banner from CookieYes.
Having a website means you’ve got to check if the GDPR applies to you. Spoiler alert: it probably does! This blog has walked you through the GDPR maze and given you the steps to get your website GDPR-compliant.