The implementation of the new GDPR has been heralded for quite some time now. While many companies in the EU diligently contracted compliance professionals, others struggled to understand every aspect of the new regulation and make their company GDPR compliant with existing staff.
The GDPR, implemented on the 25th of May, 2018, is now active, and companies who have yet to abide by its rules must start right away. As with any new law, the GDPR is an exhaustive and often confusing piece of legislation. In this post, we break it down for you.
Needless to say, being GDPR compliant saves you from severe fines. To avoid suffering the same fate as Facebook and Google, who faced fines of over 9 billion for breaching the law, it is high time to give your website and subsequent online activities a makeover.
One of the main aims of this data protection law is to give users control over how their private data is handled by companies. Keeping this in mind, let’s explore 10 ways you can make every aspect of your company’s website GDPR compliant.
Revamp Forms
Under the new regulations, every company must redesign its forms if the default option under contact preferences is ticked Yes. In the pre-GDPR era, many companies got away with sneakily tricking customers into giving them permission to send promotional content or use their contact information for marketing purposes.
All that changes now. Work with your web development team to redesign any existing form on your website, whether it’s for a newsletter subscription or a job application, and remove the default option. Customers must opt in themselves if they wish to be contacted.
Unbundled Opt-In
In your forms, consent to the T&Cs should be asked for separately from any other consent for the use of the customer’s private data. This means every consent option should be laid out clearly and separately, with tick boxes to accept or reject permission.
For example, while a customer may agree with your company’s T&Cs, they may not want to hear about new offers and discount deals. Therefore, permission should be sought separately for every reason you may want to contact them.
Granular Opt-In
Taking the previous rule a step further, here you should ensure that you distinguish between the different modes of communication and ask for permission separately for each one, i.e. when you ask customers, ‘How would you like to be contacted?’, you must provide tick boxes next to all options such as: Telephone, Post and Email. This is done to give customers full control over how their data is used to contact them.
Easy Opt-Out Option
It’s only fair that opting out should be as easy as opting in. In addition to placing an opt-out icon below all your communications, it is important to give customers the freedom to modify their contact preferences within a few clicks.