Maintaining GDPR compliance is essential in the legal sense, but by being transparent and clear about how you handle your website visitors' and customers' data you also gain their trust.
What makes a business compliant varies greatly depending on your business, market, activity or services and how data is used. Ultimate responsibility for ensuring compliance rests with you, our client, and so we recommend you seek qualified legal advice in writing appropriate policies and keeping them up to date.
Policies you ought to consider include a Cookie Policy, Privacy Policy and Terms & Conditions.
While we cannot provide legal advice (and so don’t provide boilerplate privacy policies etc.) we DO support you with the guidance and resources below and by delivering compliance requirements on your website or app when you instruct us.
Cookies and Opt-in banners
Cookies may be used to improve user experience when visiting a website, especially when collecting data about a visit for any number of reasons. For a deeper explanation of cookies, visit ICO Cookies.
A website visitor must be provided with the ability to choose what cookies, if any, they wish to be allowed during their visit. This is achieved via an opt-in banner.
If your site requires one*, an industry-compliant opt-in banner covering essential cookies with preference options can be added to your website at no extra cost. Which preference options need to be made available will depend on the data handling that you ask visitors to opt in to.
*The Information Commissioner’s Office details exceptions to the assumption that ALL sites must have cookie opt-in. However, to build trust, you may choose to include one regardless.
Collecting data from users (e.g. Forms)
If you are collecting user data (for example via a form or other method), you will likely need a data handling statement and to request consent from users in your opt-in solution. Your opt-in solution should also clearly signpost the website visitor to relevant documentation / policies.
User tracking (e.g. Google Analytics, Google Tag Manager)
If you want to track user activity and behaviour on your site, we can implement most tracking solutions that you supply or configure Google Analytics (or similar) on your behalf. Tracking users will affect the contents of your policies and opt-in solution, which you will need to ensure are up to date.
Privacy and other policies
Your business will require at least a Privacy Policy (and likely other statements) that covers how data is handled, which includes data handling beyond any website or app that we build for you.
Many businesses include a suitable Website Terms & Conditions on their website. If you have any level of e-commerce activity within your website, then a fuller Terms & Conditions would be required.
Which policy documents your website requires, and the contents of them, are specific to your business.
Independent guidance
Obtaining qualified legal advice will help you ensure your policy documents fit with your business activities and your website’s role within those.
You must supply these documents (and any relevant requests to collect data, track users etc.) to us so that we can include them on your site in advance of deploying to live status (unless you choose to add them yourself).
Helpful links:
We strongly recommend starting with the government guidance on GDPR and soliciting legal assistance if you require more help.
Information Commissioner's Office (ICO)
Cookies and similar technologies
Guide to the UK General Data Protection Regulation (UK GDPR)