Just to let you know: This article contains an affiliate link. Purchasing via this link won't cost you any more, but we'll make a small commission for referring you. Also, a brief disclaimer: The information in this article is given as a guide only. We are not legal professionals and nothing we publish should be taken as a substitute for legal advice from a qualified expert.
In today's digital age, the protection of personal data is more important than ever. With the European Union's General Data Protection Regulation (GDPR) coming into force in May 2018, businesses around the world are expected to comply with strict data protection laws. The provisions of the EU GDPR have been incorporated directly into UK law as the UK GDPR following the United Kingdom's departure from the EU.
In this guide, we will cover everything you need to know about GDPR compliance, including what GDPR is, who it affects, and how to make sure your business and website are compliant.
What is GDPR?
The General Data Protection Regulation (GDPR) is a set of data protection laws that aim to protect the personal data of UK and EU citizens and give them greater control over their data. The GDPR applies to any business or organisation that processes the personal data of UK or EU citizens, regardless of where that organisation is based. This includes businesses of all sizes, from small start-ups to multinational corporations. If your business processes any personal data of UK or EU citizens, it is your responsibility to ensure that you are GDPR compliant.
The UK GDPR (General Data Protection Regulation) and the Data Protection Act (2018) outline the rights and responsibilities of individuals and organisations with regard to the collection, use and storage of personal data online. This includes storing people's names and contact details so you can reply when they contact you, but it also includes things like their IP address, device type and browser, which are stored and tracked by cookies used by third-party analytics tools such as Google Analytics.
How to become GDPR compliant
Making sure your business and website are GDPR compliant is a process that requires a thorough understanding of the regulation and its requirements. Here are some key steps you can take to become GDPR compliant:
- Conduct a data audit: This involves identifying all the personal data that your business processes, where it comes from, and who it is shared with.
- Obtain consent: GDPR requires that you obtain explicit consent from individuals before processing their personal data.
- Implement data security measures: GDPR requires that you implement appropriate technical and organisational measures to protect personal data from unauthorised access or theft.
- Appoint a data protection officer: If your business processes a large amount of personal data, you may be required to appoint a data protection officer (DPO) to oversee GDPR compliance.
It was laborious and seemed pointless - surely there was a way to auto-detect cookies and display the same table but without all the fuss! We needed a better solution and we found one that you can also use to make your website GDPR and Data Protection Act compliant! Install CookieYes for free, run a cookie scan on your site, fill in a few details and get GDPR compliant within minutes with a cookie consent opt-in banner and an even better version of the documents that were taking us hours to produce! It's a quick and easy solution for generating your policy documents and allowing your website users to explicitly opt-in or manage their cookie preferences, but remember - it's not fool-proof! It's your responsibility to fill out your details correctly and to get your documents reviewed by a legal professional to ensure compliance!
You can then go to the Cookie Banner section to customise your opt-in form, allowing users to manage their cookie preferences. This will block the cookies that aren't necessary for the website to function until user consent has been obtained. Oh and just a heads up - the Cookie Banner text is all in US English, so you may wish to go through the Cookie Banner customisation options to change it to UK English. You can do this quickly and easily by just copying and pasting, using a free automated service such as GoTranscript.
CookieYes has amassed a user base of over 1.3 million since it was founded in 2018 and is trusted by big-name brands such as Toyota, Renault, KFC and Domino's. It's free up to 25,000 page views per month and 100 pages per cookie scan, with paid plans ranging from just $10 USD per domain per month up to $40 USD per domain per month.
Why is website GDPR compliance and Data Protection important?
Three reasons immediately spring to mind:
- Legal requirements: Breaking the law can result in legal action and fines. It's important to understand the law and make sure your website is compliant to avoid potential issues.
- Brand reputation: The reputation of your business might suffer if you break the law. Customers are becoming increasingly cautious about their privacy online and might decide to take their business instead to a company that doesn't seem shady!
Under what circumstances is compliance needed?
There are several circumstances in which a website needs to be compliant with the UK GDPR and Data Protection Act:
- If you collect any personal data from users, including names, email addresses, phone numbers, IP addresses or other identifying information.
- If you sell products or services online and collect payment details from customers.
- If you use third-party tools or services to collect or process personal data, such as email marketing or analytics platforms.
What a lot of website owners don't know is that, according to W3Techs, 43% of ALL websites were built on the same platform (WordPress) as of January 2022, and probably ALL of them use third-party tools that set their own tracking cookies.
Are most websites legally compliant?
In short, no. According to Statista most websites in the UK are not legally compliant, with only around 12% of websites fulfilling all of the requirements to be compliant with the UK GDPR. But that's not really the point, is it? You wouldn't throw yourself under a bus if most people were doing it. No one seems to be actively policing this at the moment, so it might not seem important. But it's best to get ahead of it in case you have to defend yourself in court and you then need to be able to say "all of this is covered in the policy you agreed to when you used our website!"
Are Wix websites GDPR compliant?
But no need to fear. CookieYes is compatible and easy to use with WordPress, Wix, Squarespace, Shopify and more! You can scan 100 pages for cookies and have 25,000 page views per month for free AND you get a 14-day free trial on all paid plans (ranging from $10-40 USD per month) if you have more pages or get more traffic than that.
The law around website compliance in the UK
As mentioned above, the UK GDPR and Data Protection Act outline the rights and responsibilities of people and businesses when it comes to collecting, using, and storing personal data online. Some key points to consider include:
- Consent: You must get explicit consent from users before collecting or using their data. This means that users have to actively opt-in to having their data collected and must be clearly informed about how it’s going to be used. We get consent by having a checkbox on our contact form, which is not pre-checked and must be checked by the user before contacting us via the form. We also have our CookieYes Cookie Consent Banner that allows users to accept, reject or manage their cookie preferences.
- Security: You have to take appropriate measures to protect users' personal data from unauthorised access, use, or disclosure. This includes using secure servers and encryption for any sensitive data.
- Data retention: You must only retain users' personal data for as long as it is necessary for the purposes for which it was collected. This means that you should have a clear policy in place for how long you keep data and a process for deleting it when it is no longer needed.
- Data access: Users have the right to request access to the personal data that you hold about them and to have it corrected or erased if it is inaccurate. You must have a process in place for handling such requests and provide the information within a reasonable timeframe.
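The opt-in mechanics this article describes (a banner that keeps non-necessary cookies blocked until the visitor has actively consented, with nothing pre-checked and the option to accept, reject or manage categories) can be modelled in a few dozen lines of browser-side JavaScript. The block below is an added illustration written for this guide; it is not CookieYes's code. The category names, the `cookie_consent` cookie name, the 12-month re-consent period and the script URLs are all assumptions chosen for the example.

```javascript
// Added example, not code from CookieYes or from the original article.
// Models the consent behaviour described in the article: nothing is
// pre-checked, non-essential categories stay denied until the visitor
// actively opts in, "accept all" / "reject all" / "manage" are just
// different recorded choices, and a stored decision expires so consent is
// asked for again. Category names, cookie name, expiry and script URLs are
// assumptions for the example.

const CATEGORIES = ["necessary", "analytics", "marketing"];
const CONSENT_COOKIE = "cookie_consent";
const CONSENT_MAX_AGE_MS = 365 * 24 * 60 * 60 * 1000; // assumed re-consent period

// State before the visitor has touched the banner: only strictly necessary
// cookies are allowed, every other category is denied (no pre-checked boxes).
function defaultConsent() {
  return { decided: false, decidedAt: null, categories: { necessary: true, analytics: false, marketing: false } };
}

// Record an explicit choice. Only categories the visitor actually ticked
// become true; "necessary" can never be switched off.
function recordConsent(choices, now = Date.now()) {
  const categories = {};
  for (const c of CATEGORIES) categories[c] = c === "necessary" || choices[c] === true;
  return { decided: true, decidedAt: now, categories };
}

// The "Accept all" and "Reject all" buttons are two fixed choices.
function acceptAll(now) { return recordConsent({ analytics: true, marketing: true }, now); }
function rejectAll(now) { return recordConsent({}, now); }

// Serialise a decision into a cookie value and read it back out of a
// document.cookie-style string. Anything malformed counts as "no decision".
function toCookieValue(consent) {
  return `${CONSENT_COOKIE}=${encodeURIComponent(JSON.stringify(consent))}`;
}
function loadConsent(cookieString) {
  for (const part of (cookieString || "").split(";")) {
    const [name, ...rest] = part.trim().split("=");
    if (name !== CONSENT_COOKIE) continue;
    try { return JSON.parse(decodeURIComponent(rest.join("="))); } catch { return null; }
  }
  return null;
}

// A stored decision only counts if the visitor really made it and it has not
// expired; otherwise fall back to deny-by-default. The stored categories are
// re-validated so a tampered cookie cannot turn "necessary" off or add keys.
function effectiveConsent(stored, now = Date.now()) {
  if (!stored || stored.decided !== true || typeof stored.decidedAt !== "number") return defaultConsent();
  if (now - stored.decidedAt > CONSENT_MAX_AGE_MS) return defaultConsent();
  const categories = {};
  for (const c of CATEGORIES) categories[c] = c === "necessary" || (stored.categories && stored.categories[c] === true);
  return { decided: true, decidedAt: stored.decidedAt, categories };
}

// Each third-party script is tagged with the category that justifies it
// (hypothetical URLs). Only scripts whose category is allowed may be loaded.
const SCRIPTS = [
  { src: "/js/site.js", category: "necessary" },
  { src: "https://analytics.example/collect.js", category: "analytics" },
  { src: "https://ads.example/pixel.js", category: "marketing" },
];

function allowedScripts(cookieString, now = Date.now()) {
  const consent = effectiveConsent(loadConsent(cookieString), now);
  return SCRIPTS.filter((s) => consent.categories[s.category]).map((s) => s.src);
}

// In a real page the banner would inject <script> tags only for the allowed
// entries, e.g.:
//   for (const src of allowedScripts(document.cookie)) {
//     const el = document.createElement("script"); el.src = src; document.head.appendChild(el);
//   }
```

The important property is that the decision to load a tracking script is taken from the stored consent record at page load, never from a default that happens to be "on"; a missing, malformed, tampered or expired record all collapse to the same deny-by-default state. The expiry check is the same shape of test a retention policy for any other stored personal data needs: a timestamp on the record and a rule that says when it must stop being used.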
How to know if your website is legally compliant: GDPR compliance checklist
To ensure that your website is legally compliant with the UK GDPR and Data Protection Act, there are several steps you can take:
- Review your data collection and use practices: Make sure you are only collecting the personal data that is necessary for your business and that you have a clear purpose for collecting it.
- Obtain explicit consent: Make sure you are obtaining explicit consent from users before collecting or using their personal data, including their IP address, which will be tracked by any third-party analytics solution you might use, such as Google Analytics. This should be done through a clear opt-in process, such as a checkbox or button like the one provided by CookieYes.
- Implement security measures: Take appropriate measures to protect users' personal data from unauthorised access, use, or disclosure. This may include using secure servers and encryption for sensitive data.
- Review your data retention policy: Make sure you have a clear policy in place for how long you retain users' personal data and a process for deleting it when it is no longer needed, or at the user's request.
By following these steps, you can ensure that your website is compliant with the UK GDPR and Data Protection Act and that you are protecting the personal data of your users.
It's also important to regularly review and update your website compliance practices to ensure that you are staying up-to-date with the latest laws and regulations. This may involve seeking legal advice or consulting with data protection experts to ensure that you are meeting your obligations. Additionally, when you sign up for a paid plan with CookieYes you can schedule the cookie scanner to run at regular intervals to make sure that your policy documents are up to date.
In summary, website compliance with the UK GDPR and Data Protection Act is essential for protecting the personal data of your users and avoiding potential legal issues. By understanding the laws and implementing appropriate measures, you can build trust with your customers and protect your brand reputation. That's why we've switched to using CookieYes on all our client websites and our own.