Until now, data protection has had a somewhat flimsy role online: the UK's current rules date from the Data Protection Act 1998, and while they served well enough to protect a pre-internet age from misuse of personal information, in a world of cloud storage, cookies and IP addresses they are showing their age. That is about to change.
Is Your Website GDPR-Ready?
From 25th May 2018 the GDPR (General Data Protection Regulation) applies, and it affects every business that offers goods or services to people in the EU or handles their personal data, wherever the business itself is based. (Yes, the UK is on its way out of the EU, but it is not exempt: the regulation takes effect before Brexit, and the government has committed to keeping the same rules afterwards. It's confusing. Don't ask.)
But what are these new laws?
In a nutshell, the new rules are designed to stop web users' personal information being sold, shared or otherwise mishandled without their knowledge or consent. They give power back to 'the people', and put a stop to companies that trick customers into handing over their data only to sell it on at a profit. They should also help to cut down unsolicited marketing. The full GDPR document can be found here, but the regulations include:
- The 'right to be forgotten' (formally the right to erasure): users can demand that companies and social media sites delete their personal data, and unless the company still has a legal reason to keep it, it must do so
- Consent must be 'opt in' rather than 'opt out': pre-ticked boxes and silence don't count, which makes it far harder for data to 'slip through the gaps' to third-party marketers
- Privacy by default: where privacy settings exist, they start at the most protective level, and are only relaxed if the user explicitly chooses to relax them
- Children's data gets extra protection: for online services, consent from a child under 16 (or a lower age a member state chooses, no lower than 13; the UK intends to set it at 13) is only valid if a parent or guardian gives it
Notably, organisations of every size are held to these terms, and the penalties for non-compliance are steep. A business found in breach of the core rules can be fined up to €20 million (around £17 million) or 4% of its worldwide annual turnover, whichever is higher. And now that you're really listening, let's explain how to get your website ready for GDPR.
Never assume consent
Even where it seems obvious that a user's information will be stored (when they register or send an enquiry, for instance), be clear about your lawful basis for collecting or using it. Data you genuinely need to deliver what the user asked for (an email address to answer their enquiry, a delivery address for an order) can be processed because it is necessary for that contract, but anything beyond that, marketing and sharing with third parties especially, needs consent. And consent buried on page 40 of a 60-page 'terms and conditions' document won't cut it any more: consent has to be freely given, specific, informed and unambiguous. Information about how data will be stored or shared needs to be as obvious as a swimming pool in a desert, and consent needs its own separate tick-box, unticked by default and kept apart from agreeing to the terms of service.
Get more specific
As of 25th May, time is officially up on companies being vague. If you plan to pass your users' data on, you not only have to disclose this, you also have to name exactly which third parties may receive it. Ideally there should be a separate consent 'tick' for every company you plan to send data to, so the customer controls exactly who sees their information; withdrawing that consent must be as easy as giving it; and you need to keep a record of who consented to what, and when, because the burden of proving consent sits with you. It's a hassle, yes, but if the outcome is happier, trusting visitors who aren't spammed every 10 minutes, then surely it's worth it? Besides, did you see the penalty for non-compliance? It really isn't an option.
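To make the last two sections concrete, here is a small consent ledger that applies those rules on the server side: one unticked box per named recipient, an absent or unticked box stored as a refusal rather than assumed to be a yes, the 'accept terms' box never counted as consent to share, withdrawal recorded as easily as consent, and an erase operation for the right to be forgotten. This is an added example written for this article, not code from the original post or from SO Marketing; the recipient names, form field names and posted form data are made up for illustration.

```python
# Added example: a per-recipient, opt-in consent ledger. Not from the original post;
# recipient names, field names and form data below are hypothetical.
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Mapping, Optional


@dataclass(frozen=True)
class ConsentRecord:
    """One decision by one user about one named recipient, kept as evidence."""
    recipient: str        # the third party named next to the tick-box
    given: bool           # True only when the user actively ticked the box
    timestamp: datetime   # when the decision was recorded (UTC)
    form_version: str     # which wording the user saw, so the consent can be evidenced later


class ConsentLedger:
    """Stores per-user, per-recipient consent and answers 'may I share?' fail-closed."""

    def __init__(self) -> None:
        self._records: Dict[str, List[ConsentRecord]] = {}

    def record_form(self, user_id: str, fields: Mapping[str, str], recipients: List[str],
                    form_version: str, now: Optional[datetime] = None) -> List[ConsentRecord]:
        """Record one submission of the sign-up form.

        The form renders one unchecked box per recipient, named consent_<recipient>.
        Browsers omit unchecked boxes from the POST body, so an absent field means
        'not ticked' and is stored as an explicit refusal. No other field on the form
        (such as accept_terms) is treated as consent to share with anyone.
        """
        now = now or datetime.now(timezone.utc)
        new = [ConsentRecord(r, fields.get(f"consent_{r}") == "on", now, form_version)
               for r in recipients]
        self._records.setdefault(user_id, []).extend(new)
        return new

    def may_share_with(self, user_id: str, recipient: str) -> bool:
        """True only if the most recent decision for this recipient is an explicit yes.

        An unknown user or a recipient with no record at all yields False:
        consent is never assumed.
        """
        latest: Optional[ConsentRecord] = None
        for rec in self._records.get(user_id, []):
            if rec.recipient == recipient and (latest is None or rec.timestamp >= latest.timestamp):
                latest = rec
        return latest is not None and latest.given

    def consented_recipients(self, user_id: str) -> List[str]:
        """The recipients this user may currently be shared with (for a 'your data' page)."""
        seen = {rec.recipient for rec in self._records.get(user_id, [])}
        return sorted(r for r in seen if self.may_share_with(user_id, r))

    def withdraw(self, user_id: str, recipient: str, now: Optional[datetime] = None) -> None:
        """Withdrawal must be as easy as consenting; it is stored as a new refusal."""
        now = now or datetime.now(timezone.utc)
        self._records.setdefault(user_id, []).append(
            ConsentRecord(recipient, False, now, "withdrawal"))

    def erase_user(self, user_id: str) -> int:
        """Right to be forgotten: drop every record for the user; returns how many were removed."""
        return len(self._records.pop(user_id, []))


if __name__ == "__main__":
    ledger = ConsentLedger()
    recipients = ["acme-newsletter", "partner-insurer"]  # hypothetical third parties
    # Constructed POST body: the user ticked only the newsletter box and accepted the T&Cs.
    posted = {"email": "a@example.com", "accept_terms": "on", "consent_acme-newsletter": "on"}
    ledger.record_form("user-1", posted, recipients, "signup-v3")
    print(ledger.may_share_with("user-1", "acme-newsletter"))   # True
    print(ledger.may_share_with("user-1", "partner-insurer"))   # False: box not ticked
    print(ledger.may_share_with("user-2", "acme-newsletter"))   # False: no record at all
```

The server cannot tell whether a box arrived ticked because the user ticked it or because the template pre-ticked it, so the template side matters just as much: every consent box must render unchecked. Keeping the refusals as well as the yeses, together with the form version, is what lets you show later what each visitor was told and what they actually agreed to.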
Get some good advice
Although we’re by no means lawyers, SO Marketing will be taking the new GDPR into consideration every time we create a website, and so everything, from your cookie banner to your checkout page, will be designed with this in mind.