How Can You Make Your Website Compliant With Data Protection?
Source: ITGovernance
Have you got a cookie policy on your website? Are you advising website visitors of the fact that you are using cookies, what types of cookies you use and why?
Are you providing them with the options to accept, reject or modify their cookie preferences? Is your cookie banner appropriate?
If you’ve answered “no” to any of these questions, then your website doesn’t comply with the GDPR (General Data Protection Regulation).
So what can you do about that? A good place to start is the Data Protection Commission’s advice on cookies and other tracking technologies and its report on the way organisations are meeting the Regulation’s requirements.
But what about organisations that are happy with their privacy notice and have updated their cookie banner and policy to reflect the DPC’s recommendations? Does this mean that their website now demonstrates GDPR compliance?
What You Need To Consider
If you are processing personal data on your website, you must document an appropriate purpose as well as an Article 6 lawful basis for this processing.
If you are processing children’s personal data online, you need to ensure you have an Article 9 exemption, as well as a lawful basis and purpose for the processing.
If your website is displaying photos or videos (or links to either) and these media contain people – you need to ensure that you have a GDPR-compliant lawful basis and purpose for processing these images.
If you are using an online application form or online “contact us” form, you must check that your wording appropriately outlines the purpose and lawful basis for capturing this information.
Check whether information being gathered via a “contact us” form is being used for purposes other than that for which it was collected, such as marketing. If so, you should check whether you have a lawful basis, inform data subjects of your practices and provide a link to your privacy notice.
If you are gathering information via your website, how long are you storing this information and how is it protected? Are you making people aware (via the privacy notice) of these details?
If you are using testimonials from clients on your website, have you obtained their consent to quote their names? How long are you storing their consent?
If you are using photos or videos of your employees on your webpages, you should ensure that the employee contract, the data privacy notice and the data privacy policy cover such purposes.
If you think your organisation needs to work on any of these requirements, you must act now. The DPC recently published a report stating that it will start enforcing cookie requirements more rigorously, following an investigation that revealed widespread non-compliance.
So, What’s Next?
You can get up to speed on the GDPR and how its obligations affect you (including your webpages) – check out our Website Compliance Packages here.
This audit is delivered by an experienced data protection expert, and provides comprehensive instructions and tools to get your site compliant with the Regulation and its rules.
It is ideal for small businesses who want to ensure their organisation and websites are operating within GDPR compliance standards.
Free Webinar Once Per Month
Our free webinar runs once per month and is available to anybody who wants to know more about getting started on the road to data protection compliance.