Your website and what we are doing to help you become GDPR compliant

22 May Your website and what we are doing to help you become GDPR compliant

With the imminent arrival of the new GDPR, Europe’s new framework for data protection laws, many companies will be concerned about being compliant and what it means for their marketing. We wanted to provide some guidance and reassurance, ahead of this week’s deadline.

Although it may be daunting to clear out old and non-compliant data, companies should see this as a positive step forward and a fresh start for marketing. Think about it this way; customers who have given clear consent to keep in touch, are more likely to read and engage with marketing content – a clear win for your company!

The protection of data has always been important to Formedia and, with the GDPR regulations about to descend, it is important for us to be transparent and open about the data that we hold and process for our clients.

Below, we have documented the steps we have taken to become fully GDPR compliant and the safeguards you should be putting in place to ensure your company is compliant too.

What we have done to become GDPR compliant

 Secure Servers
The majority of our sites are hosted in the UK on secure, GDPR compliant servers. If your website is hosted in the US, we have ensured that the company has demonstrated that it will protect European users’ privacy and data.

 Data processing and third-party data processing
Only limited data that is required will ever be collected – we will only ask for data if it is needed to provide a service. Users will be informed what it will be used for, and we will not share or sell any data (unless compelled to by law). We will also check and review that any third-parties we use are also fully GDPR compliant.

 Access rights
Users will have the right to request for all their data to be transferred, or the right to be forgotten and have their data fully removed at any time. All databases will have restrictive access, so only selected users at Formedia can access data.

 Data Breach Policy
We will notify a client of a data breach within 72 hours of us becoming aware of it.

 Deleting old data
We have reviewed the information on our servers and computers to ensure that any old or unused data is erased. If we need to keep some information for tax or other legal purposes, we will keep only the data we need.

 Sorting through email lists
We keep on top of our clients’ email lists to ensure any old lists or data that is not GDPR compliant is deleted or reviewed.

 Contact form data
We do not receive or store any data from contact forms on your website – it goes straight to the designated recipient, so you can store or delete it as necessary.

Our recommendations for your GDPR compliancy

 Contact form consent
Explicit consent needs to be obtained before any data collection takes place. Consent cannot come from a tick box, it needs to be clearly explained and accepted. If any forms on your website have an automatically checked box, we can make this box ‘unchecked’. We can also look at adding explanations on how your data is collected and used, as well as adding a ‘terms and conditions’ check box.

 Update your privacy policies
If you don’t have a privacy policy, then you will need to get one written. If you already have one, then we can make sure it is up to date and reflects your current processes. We will also ensure that the information is accessible to the users by using a pop-up banner, rather than hiding it in the footer. If you have a maintenance package with us then the good news is that we will do this for you! If not, a one-off cost of £98 will cover the implementation of the banner and contact form amends.

 Gain the green padlock
An SSL certificate can be fitted to your site in order to ensure a secure connection between the web server and web browsers. Anything submitted through a contact form on your website will be encrypted, in order to stop any hijacking of data. You will see this as a padlock symbol in your address bar. SSL certificate installation cost: £98 plus £65 a year for the certificate.

DISCLAIMER: All data and information provided in this blog post are for informational purposes only. Formedia Marketing Ltd makes no representations as to the accuracy, completeness, currentness, suitability, or validity of any information contained herein. We recommend consulting with a lawyer for any legal advice pertaining to GDPR compliance.