Think of the moment when your clients’ potential customers are shopping online and it’s time to share their personal data, like their address, credit card information or phone number. For first-time visitors, they’ll probably look for indicators that your client is reputable, with standard protocols for security and privacy. In fact, 75% of consumers will not buy products from a company if they can’t trust them to protect their data.
These expectations have been reinforced by the General Data Protection Regulation (GDPR) and the ePrivacy Directive, intended to strengthen and unify data protection for European Union (EU) citizens, whether or not your business is located in the EU.
Here are 6 tips to help you create GDPR/ePrivacy compliant websites for your clients, so as site owners, they can protect their customers’ data.
Fine-tune privacy policies
Obtain clear consent to use tracking technology
Make sure plugins are GDPR compliant
Remove data that’s no longer needed
Clean up mailing lists
Use GDPR to help build business
1. Fine-tune privacy policies
With GDPR, your clients’ privacy policies must disclose the ways your website gathers, uses, and manages visitor data. They must be explicit, stated clearly and available in an easy-to-find document that says how your client processes data and the legal basis for it. You’ll want to state what data is being saved and how visitors can retrieve their data or delete it.
2. Obtain clear consent to use tracking technologies
Complementary to GDPR is ePrivacy Directive, which addresses tracking technologies, like cookies. If you’re going to use tracking technologies on your client sites, you must ask for consent from the visitor before such tracking technologies are placed on the visitor’s browser. Consider adding a cookie banner, which alerts site visitors of cookies prior to them being placed on their browsers. The data collected can only be used under the legal basis that consent was given. Keep in mind that the ePrivacy directive also requires a Cookie Policy which includes the name, type, purpose and duration of each tracking technology placed on the visitor’s browser.
3. Make sure plugins are GDPR compliant
The more plugins you have, the more work you’ll have managing updates, changes in business models and so on. Many plugins are offered as GDPR compliant, but you’ll still need to check. Installing plugins according to the vendor’s guidelines won’t be enough to meet GDPR compliance requirements. However, website platforms like Wix are already GDPR compliant and use web apps that update automatically instead of plugins.
4. Remove data that’s no longer needed
GDPR requires that all personal data related to a single individual must be accessible by that person and in a complete, accurate and portable form. The site owner needs to understand what personal data is stored, where it came from, who it’s shared with and why. Your client should review the data they're collecting and better understand why they need it. For example, analyzing purchasing trends is good, but storing complete credit card numbers for this purpose is not. So, your clients should limit the data they collect and store via form submissions.
5. Clean up mailing lists
Are you using mailing list with correct consent? Under GDPR, receiving contact information from a public source, like Linkedin or a business card, doesn’t imply a legal basis. However, If someone has engaged with your clients’ business after using a product or service, they’ve indicated a desire to connect with you. In this case, you may have a legitimate reason to email them. Cleaning up mailing lists to follow GDPR compliance is also a smarter way to run targeted marketing campaigns that will help you reach the right people.
6. Use GDPR to help build business
Look at GDPR compliance requirements as a way to protect customer data, build trust and create long-term customer relationships. GDPR also levels the playing field by giving small businesses the ability to process data on their customers when used in the right way. This opens a rich source of insight for innovation.
*Any information contained herein is not legal advice and you should not rely upon it as such. The GDPR is a complex regulation and require multiple actions from site owners. We recommend that you seek legal advice to understand and to prepare for possible additional requirements stated in such regulations.