How to Update Your Website For The New GDPR Rules
Like it or not, on May 25, 2018, the new GDPR rules are coming into effect for any business or blog that is on the Internet. The good news is that you can easily make the changes and updates needed to ensure your website and online business are compliant.
A quick disclaimer here — I am not an attorney nor can I offer legal advice. If you have legal questions about GDPR, I recommend you contact a business attorney and get their recommendations as well.
What exactly is GDPR and do the new rules apply to other countries outside of the European Union? In short the General Data Protection Regulation was adopted by the European Parliament and Council in April 2016 as an answer to better protect the data of European citizens. If you are an online business this WILL apply to you.
According to an article on Digital Guardian, the new requirements include:
- Direct consent from individuals for processing of their data
- Privacy protection by anonymous entry of the data
- Required notification of any data breaches
- Safety standards for transferring data
- Appointing a data protection officer to oversee compliance (only for certain companies)
The new rules change how we control data, how we collect it, what we’re allowed to do with it, what we can and can’t keep, and what we need to share or not share. The bottom line is that you don’t want your own data to be abused by any company, so you want to be a company that does not abuse data either.
Although there is no direct policing there will be very large fines coming to businesses that do not comply. This can happen as the result of a consumer complaint, especially as more people are becoming online savvy. You want to build a trusted reputation and updating your standards will help you achieve this.
The main points of GDPR:
- Transparency – When you collect personal data you will need to be transparent about why you are gathering that information, what you are going to do with that information, and provide a privacy policy at the point of collection. That means it can no longer be a small link — it needs to be an obvious disclaimer, with a link to a page.
- Consent – You now need affirmative action that they are giving you consent — they need to say yes, that they understand and that they want the information. You can no longer offer just a standard optin. It needs to include a checkbox that they actually check themselves, giving their consent.
- Privacy Policy – This will be the first item on your website that should be updated and compliant with the new regulations.
How to make your website GDPR compliant:
1 – Audit your personal data records
Find out what you have already collected, both online and offline, from any kind of form. All of this information now needs to be compliant with the new regulations. You will also need to find out how and where you got the data. Even business cards count in this.
2 – Refresh your privacy policy on your website
If you’re up to the task of doing an overhaul of your current policy or need to create a new one you can use a template for this found right here. Fill out the form in English if that applies to you, and choose the information that is relevant to your business.
Once you’re done you will generate your policy as an HTML file and text. Go directly to your website, and edit your privacy policy page. Add a new page if you do not already have one — there are many different plugins for privacy policies to choose from to accomplish this if you are using WordPress.
3 – Add a consent checkbox to all of your optins
Make sure all of your website forms have a checkbox — many themes will now provide this option for you. If they don’t there are plugins available for this. Search for GDPR in WordPress then choose the right one for your website and theme. This is especially important if you have an eCommerce website. These plugins will help you update your Terms of Service and link to your Privacy page.
Keep in mind that not all lead generation services have made this update yet. Our favorite company, Aweber, says this about GDPR compliance. Aweber also provides a great GDPR checklist you can download.
If you are using Bloom with the DIVI theme there is a WordPress plugin you can purchase to fix this issue. The Bloom GDPR Overlay Plugin can be used on all of your websites for only $7.00. Once you install the plugin and activate it you will need to add the link to your new privacy page. The text before your privacy name could read: This form collects information (fill in what you are sending to your lists such as marketing tips). This provides an overlay message as soon as they start to put in their info. They must check the box before proceeding.
4 – Email your list and ask for GDPR consent
After May 24th, some of the list(s) that you have might no longer be used if they are not compliant with the current regulations. According to an article on Aweber, if you can prove that your subscribers opted in from a website or sales page with a clear explanation of how the data will be used and what type of content they will be receiving, in addition to the ability to unsubscribe, then you may not have to send out a new subscribe email that asks for their permission again. Any lists that are imported, however, may need to have this email sent out. Check with your email service provider on whether they will be updating their optin forms and how your lists are affected.
The good news is that you can view the email rules as an opportunity to clean up your lists and improve deliverability. Most service providers are getting ready to make it easy for you to contact people and have templates to choose from. Unfortunately, not all services have this solution — in that case you can create your own email in your email client. Start by creating a new list, or several, based on what you currently have. Next, send the new email out to your new list(s) asking them to re-subscribe according to the GDPR rules. Be sure to create an option for your new signups, and to delete the old records — only keep the ones who have decided to stay on.
The best rule of thumb is to keep all of your records and destroy old records that are no longer compliant by May 24th, 2018. Remember that the new rules begin May 25th at midnight.
Don’t Panic!
There aren’t any online police who will arrest you on May 25th. Take a deep breath and if you need assistance, I’m here to help. Contact Me.