GDPR - what do I need to do to ensure my website is compliant?

The 25 May deadline for changes to data protection regulations is approaching. Here's what you need to do to make sure your website is meeting the new rules.

Posted by Michelle
24 April 2018
    

This isn’t a recommendation – you have to do this before 25 May to be operating within the law.

To gather squeaky-clean data, you need…

1. A cookies policy opt-in

This is now essential if your site uses cookies, which is the case if you’re running any kind of user tracking like Analytics, have baskets that retain products, and so on. The majority of sites do.

A lot of sites have opt-ins already - it’s that small pop-up which allows users to accept cookies and links to your policy. However, from 25 May, no cookies that aren't essential to the running of the site can be used without affirmative consent - so if you have any user tracking on there, that can only kick in once the user's agreed to it. If they click no, or ignore the cookies notice, you can't track them.

2. A fresh, GDPR-compliant privacy policy on your website

You can take a look at our privacy policy for inspiration, but you’ll need to make sure yours is specific to the ways you process data, and which third parties have access to it.

If we host your website, we can provide your cookies information on request for this document. We recommend a legal eye reading over it before you send it back for us to upload to your site.

3. Updated forms

Every form on your website now needs to contain an opt-in checkbox, and a link to your privacy policy for the full lowdown.

Here's an example of a form from our site - you now can't submit your details to us without confirming you've read our privacy policy.

4. An email subscription process

If you reach out to your database by email, you have two options for your online subscription form.

To subscribe to receive marketing communications from you, users need to either complete a form with an opt-in box like the ones on the forms above, or go through double opt-in for iron-clad consent. With double opt-in, the user is sent an email with a link to verify themselves before being added.

There's no right or wrong answer on which is best - only you know which will be the best for your database! 

5. Automatic email review

If you send any automatic emails, they must contain an unsubscribe link.

And what about the data I already have?

Obviously, the above doesn’t cover the data that you already store, so you need to read up on affirmative consent vs legitimate interest and make your own decisions on how to cleanse your data. If you've purchased a list, get confirmation from your data supplier that it's been gathered and supplied to you under GDPR.

Contacting your whole database with opt-in emails (affirmative consent) is the safest way to go about cleansing your current database – you then end up with a database full of people for whom you can document proof that they’ve signed up to hear about your services.

You’ve got to balance it – you are likely to lose a large percentage of your database this way, but those who have responded will be engaged with your company, and you can demonstrate that you’ve met GDPR requirements in a rigorous way (as long as you’ve updated your website too).

You would need to erase the data for anyone who doesn’t respond or who clicks no on the email. And if we host your site, we can purge your website database for you, permanently removing the data stored there that’s older than three, six or 12 months, whichever you decide fits your business needs.
