
Undertake a GDPR audit on your website or app and receive peace of mind.

Are you unsure about what you can, cannot and must do when collecting user information on your website?

We can assist you towards becoming GDPR compliant. The GDPR Data Protection regulations become enforceable after 25th May 2018. There are certain ‘must have’ processes* that owners of websites must follow.


If you run a website and value your reputation, we’ll explain a few things you might want to watch out for …


“I don’t need the details. Just tell me how it affects my website and what I need to do:”

Quick List

  1. Are you using a Contact Form?
  2. Are you still using HTTP? Unencrypted?
  3. Are you sending or interested in Newsletters?
  4. Are you an eCommerce website?
  5. Are you using or interested in Google Analytics?
  6. Are you unsure about Cookies and what they’re collecting?
  7. Does your website allow user registration?
  8. Unsure about or missing a Privacy Policy?

If you said yes to any of the above points, you may well benefit from a GDPR audit. Contact us today to find out more.

* Compliance and ‘must have’ processes depend on your website/app and how it functions. That’s why an audit is essential in tailoring a solution for your business.


1. Are you using a Contact Form?

The purpose of most forms is to collect personal data, and you’re responsible for letting the user know what data will be stored, how, where and for what purpose. You’ll need to create a privacy policy that fully discloses your data collection and storage practices in a clear, simple format. You’ll also need to seek consent.

To inform the user of the data you collect and ask for their consent, you need explanatory text and a checkbox field.


2. Are you still using HTTP? Unencrypted?

We covered this in our article ‘HTTPS certificates now used as a Google ranking signal’ here.

An SSL (Secure Sockets Layer) certificate provides encryption and is set up in the hosting space of your website. Its purpose is to encrypt the details that are entered into any forms or fields on the website as they are sent between the visitor’s browser and the server. We offer two different certificates, a starter certificate and a premium certificate. For larger businesses and eCommerce sites we recommend the premium certificate, as it is not only certified by COMODO but also has further protection and insurances. The starter certificates do not.


3. Are you sending or interested in Newsletters?

Many websites encourage users to sign up via a website form to receive weekly or monthly newsletters. Regardless of whether you use a desktop email client or a third-party system like Mailchimp, you need to ensure the user has the option to OPT-IN (not OPT-OUT). You’ll also need to provide another, separate tick box if you give the user’s details to another party. We need to ensure that all the marketing emails you send provide the user with an unsubscribe link.


4. Are you an eCommerce website?

eCommerce sites almost always require some kind of user profile creation, including fields for name, email, address & phone number. Therefore not only do you need consent but you also need to offer the users an ability to request the data you hold on them and even to delete their account.

Privacy policies apply to eCommerce sites, and these sites also benefit from SSL certificates. If you’re running an eCommerce store you no doubt appreciate the importance of a good reputation and imparting trust to your users. Being GDPR compliant will help you reach that goal.


5. Are you using or interested in setting up Google Analytics?


Google Analytics is a fantastic tool for measuring your website’s traffic, user profiles, popularity etc. However, if you are using or intending to use this tool, it’s important to note that although Google will be GDPR ready, it’s your responsibility to either gain consent or anonymise the IP addresses of your visitors. You will also need to make sure that your use of Google Analytics is referred to in your privacy policy.


6. Are you unsure about Cookies and what they’re collecting?

A cookie pop-up is a logical and well-established way of gaining consent. You will be required to state that cookies are used on the site and that the user needs to agree to the use of the data as set out in the privacy policy. Some cookies are likely to be purely functional rather than data-gathering tools, and the site won’t work properly without them, so you need to be clear with users about how you are using cookies.


7. Does your website allow user registration?

Websites that let users set up accounts, and those that store information about their users in an SQL database, need to take note. In most instances, unless it’s your online bank, these details will be unencrypted, so if the SQL file was accessed this content could be easily read.

Again, you need to be clear about how you are storing this data and, perhaps in the future, consider whether you even need to store this information.


8. Unsure about or missing a Privacy Policy?

A privacy policy is a key feature of the GDPR legislation. It is often presented as a web page and gives detail about the website owner’s policy on what data is captured, when it was captured, what the data is used for, the details of any third parties involved, and the process by which users can request the details held on them and request that they be permanently deleted.

You also need to state what steps you will take in the event of a data breach.

We always recommend that in addition to appointing a Data Protection Officer you seek legal advice should you have any questions. We can assist you in drafting a privacy policy with recommendations on what to include.


Don’t sit in the dark, talk to us today about GDPR and what it means for you…

 
