Ah… what a dry subject! The EU decided to create some laws which are fantastic for future privacy protection but have put us website owners and small-time bloggers in a flap about being arrested or fined a gazillion Euros. Here’s what I did to this website for GDPR compliance (obviously I can only hope it is compliant as I’m not a lawyer and though I did a ton of reading I didn’t read every. single. word)!
This blog post is intended for other small website and blog owners and is not intended for general interest. It’s pretty hard to make this stuff interesting!
GDPR = General Data Protection Regulation (implementation 25 May 2018)
I created a terms page
- How collected data is stored
- If/how data is moved or shared
- How collected data is used
- How the user can access and view the data stored about them
- How a user can be ‘purged’ from stored data i.e. the ‘right to be forgotten’
- Actions in the event of a security breach or system failure
I ‘introduced’ my sign up forms
Each form now has an introductory paragraph to make it crystal clear what the person is doing when they submit the form. I don’t have a ‘contact me’ form on this website, but if I did I’d have to have an introductory paragraph there too.
The copy must make it so that:
- there is explicit consent from the user before data collection takes place
- this is in plain English and not buried in amongst other text
- the ‘consent’ is not pre-selected i.e. a checkbox that already has a tick in it
My paragraph reads like this:
and my explicit consent form contains a check box with the following wording:
I wrote the terms page in plain English
I wrote each section of the terms page in as simple language as I could. I’m quite proud of how I organised it so that it doesn’t look like a plain boring Terms and Conditions page! If you’ve read this far it’s worth taking a peek.
I considered whether I needed to ask my current subscribers for permission again
You’ve probably had loads of emails asking you to re-sign up for mailing lists. That’s because if your consent wasn’t 100% explicit, and/or if the company can’t say exactly when and where you explicitly signed up, then they’re holding your data illegally. I know that all my mailing list subscribers knew they were signing to an email mailing list and I have the data for when and where they did – so I had no reason to annoy them with another email!
I reviewed the rest of my site’s privacy issues
- Do a cookie ‘audit’ to see what cookies your site uses. You might be surprised at how many there are! You can see cookies and info on them quite easily by using the Chrome browser.
- Obtain consent from each visitor before using cookies. For consent to be valid, it must be “informed, specific, freely given and must constitute a real indication of the individual’s wishes”.
Finally, I listed the cookies used as per the guidelines directed by the EU. There’s a really good chance that the cookies my site uses are exempt from these laws, as many cookies are, but frankly the jargon is so complicated and I don’t understand the 3rd party cookies well enough. Why run the risk?!
One more thing…
If you’re looking at the way I’ve written my form paragraphs and terms page it’s worth bearing in mind that you’ll need to go into a bit more detail if you have a simple contact form on your site. This is because you’re likely to be storing personal details yourself when someone contacts you – whether that’s just in your email program or if you note business or blog contact details in another system somewhere. You’ll need to write that up in your terms page because people have the right to know where their data is stored.
Kim Debling is a Hampshire, UK-based designer and Director of her own company Kestrel Design Ltd. She is mum to Rose and Harvey and wife to her best friend Steve. She’s fighting off Stage 4 Lymphoma and sharing her story along the way, mainly via YouTube. Kim is passionate about being happy, mental wellbeing and in particular art and creative pursuits as therapy during tough times. She teaches online at Udemy, has published books and has art and printables available for sale.