GDPR and your Website


We’re getting closer to the deadline and at ABL we’re going through the fine print to ensure we’ve got our best foot forward. We’re having a design overhaul and making some internal changes; a great excuse for a clear out and some fine tuning to our business practices – it’s always a good idea to review your brand every so often to make sure you’re projecting the right message for your services and clientele.

We will be launching a brand new website at the same time as the GDPR deadline, so we can ensure we have everything we need to be compliant, and clear. Transparency is key – our users need to know what we do and how we do it to retain a good customer relationship.

Here’s a few things we’ve been reviewing that everyone should consider coming up to the deadline.

Cookies Policy

Check to see if there are any changes to the way your website collects cookies. Your cookie policy needs to be re-accepted if you change any of the information on it. Are you still collecting the same information and using the same channels?

Consent & Privacy policy

The GDPR has made it clear that consent needs to be obvious and documented. This means you need to have a privacy notice attached to every form of input on your website. Privacy notices should state in plain wording how the information being submitted is going to be stored and processed, including whether 3rd parties have access. This includes any 3rd parties you use for your email marketing campaigns. Remember, no auto opt-ins are allowed from May 2018, so if you’re collecting emails to add to a mailing list, there needs to be a clearly labelled opt-in box. Go the extra mile and use double opt-in services.

Terms and conditions

Have you been over your terms and conditions to check whether they are up to date and compliant with the new regulations? Make sure they cover how your website tracks and uses user information and what you’re going to do with that information.

Access Requests

Another factor to consider is the way someone can request their data from you and how they can request for it to be deleted. This must be a free service; you won’t be able to charge for this anymore. You are required to be able to collect and inform someone of all their data that you hold upon request. This data needs to be secure if it is personally identifiable, and you need to have a process and policy for how you deal with requests for this data to be deleted. If you cannot delete it then you need to be able to inform them of why. This should be available on your website.

Client confidentiality

Is your security up to date? Along with the policies you have in the office and personally to keep client information protected, you need to make sure the process for collecting information online is secure. Websites with SSL certificates rank better with Google as well as show your user that you’re trustworthy. Don’t just stop there – back it up with antivirus and a firewall on your website.
We don’t store user data on our servers, but if you do, you need to make sure it’s safe.

Unsubscribe

There needs to be a clear unsubscribe option available on your website, and on all marketing emails. They can be set up for each list on your campaigns if you’re using tools such as MailChimp.

Are you ready?

There’s still a couple of months to go, so if you haven’t started, start now.

There’s plenty of information online – though some of it seems hard to navigate and some of it seems daunting, it’s there to help and protect everyone.

Here’s some helpful information we’ve found: https://www.eugdpr.org/the-regulation.html