There are already tons of articles out there that will go into greater detail on what GDPR is, why it exists, and what it means in a broader scope. What I want to do here is simplify things specifically for my own support clients and talk about the practical things we should do to comply.
Obligatory legal disclaimer
Obviously, I’m not a lawyer. Any advice I give is solely from a technical and practical perspective as it relates to your website and user experience, and is based only on my current understanding and knowledge of the subject. None of this should be considered official legal advice.
What is GDPR
In a very concise nutshell, it means that if you do any kind of business with, or have users from, the EU, you must take steps to protect the personal data of EU residents.
This means, you should…
- Obtain explicit consent from users wherever you collect personal data.
- Give users the right to know what personal data you have collected and request that it be deleted.
If you are a business outside of the EU, which many of my clients are, and do not serve EU residents at all (i.e. you’re a local service business in the USA), then you don’t need to do anything. But that doesn’t mean you wouldn’t benefit from reviewing your data policies anyway.
By the way, the new regulations go into effect May 25, 2018 which is, like, now.
So, where to start? Here is a short, practical list. It is by no means complete or comprehensive, but it should get you on your way…
Next, your contact forms
A website without a contact form is rare. I mean, who puts their email address on their site in plain text for spammers to grab?
Do you have mailing list opt-in forms?
You’ll need to add a similar consent checkbox for these and sometimes multiple depending on how you use their data.
Your checkout page should also contain a consent checkbox. Again, anywhere you are asking for personal information.
Do you have comments enabled on your blog?
Do you run ads on your site?
Food and lifestyle bloggers, I’m looking at you. You probably have a bigger burden than most to get this GDPR stuff right. And if you run ads, you are most certainly using cookies to help show relevant ads to users.
You may need to add a cookie consent popup on your site. I know, I know, I hate them too. And to be perfectly honest, I’m not clear on whether this is an absolute requirement yet. It may only be required when your site is browsed from the EU. I’m not sure. Want to be safe? Add it. Just be aware that scripts may be blocked for the user if consent is not given by clicking the “accept” button.
There are a few different cookie consent plugins, and I have only tried a couple, but so far EU Cookie Law seems like a good one.
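To make the “scripts are blocked until consent” behaviour concrete, here is an added example of a minimal consent gate. It is not code from this post or from the EU Cookie Law plugin: the cookie name `site_consent`, the script registry, and the category names are assumptions I made for illustration. The idea is that first-party essentials always load, while analytics and advertising tags are only injected once the stored consent decision says so.

```javascript
// Added example: a minimal consent gate for third-party scripts.
// Not from the post or the EU Cookie Law plugin. The cookie name
// "site_consent" and the registry entries below are assumptions.
const CONSENT_COOKIE = "site_consent";

// Constructed registry of scripts grouped by purpose. Entries in the
// "required" category are first-party essentials that never wait on consent.
const SCRIPT_REGISTRY = [
  { id: "site-core", src: "/js/site.js", category: "required" },
  { id: "analytics", src: "https://analytics.example/collect.js", category: "analytics" },
  { id: "ads", src: "https://ads.example/tag.js", category: "advertising" },
];

// Parse a document.cookie string ("a=1; b=2") into a plain object.
function parseCookies(cookieString) {
  const out = {};
  for (const part of cookieString.split(";")) {
    const [rawKey, ...rest] = part.split("=");
    const key = rawKey.trim();
    if (!key) continue;
    out[key] = decodeURIComponent(rest.join("=").trim());
  }
  return out;
}

// Read the stored consent decision: a JSON object of category -> boolean.
// Anything missing or malformed is treated as "no consent recorded".
function readConsent(cookieString) {
  const raw = parseCookies(cookieString)[CONSENT_COOKIE];
  if (!raw) return null;
  try {
    const parsed = JSON.parse(raw);
    return parsed && typeof parsed === "object" ? parsed : null;
  } catch (_err) {
    return null;
  }
}

// Decide which scripts may load. Required scripts always load; every other
// category needs an explicit `true` in the consent object (opt-in, not opt-out).
function scriptsToLoad(consent, registry = SCRIPT_REGISTRY) {
  return registry.filter(
    (s) => s.category === "required" || (consent !== null && consent[s.category] === true)
  );
}

// Build the Set-Cookie value the banner's "accept" handler would write
// (roughly six months, first-party only).
function consentCookieValue(choices) {
  const encoded = encodeURIComponent(JSON.stringify(choices));
  return `${CONSENT_COOKIE}=${encoded}; Path=/; Max-Age=15552000; SameSite=Lax`;
}

// Inject the permitted scripts into the page. `doc` may be null so the
// decision logic can be exercised outside a browser; returns the ids loaded.
function applyConsent(cookieString, doc) {
  const allowed = scriptsToLoad(readConsent(cookieString));
  if (doc) {
    for (const s of allowed) {
      if (doc.getElementById(s.id)) continue; // already injected
      const el = doc.createElement("script");
      el.id = s.id;
      el.src = s.src;
      el.async = true;
      doc.head.appendChild(el);
    }
  }
  return allowed.map((s) => s.id);
}

// In a browser, run the gate on page load; the banner re-runs it after "accept".
if (typeof document !== "undefined") {
  applyConsent(document.cookie, document);
}
```

With no cookie, or a cookie that fails to parse, only `site-core` loads; after the visitor accepts analytics but declines advertising, the analytics tag is injected and the ad tag stays out. Treating a missing or garbled cookie as “no consent” is the safe default here, since the point of the popup is that nothing non-essential runs until the user has actually clicked accept.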
Is that it?
I can help implement on the technical side if you’re one of my existing support plan clients or wish to become one.