On the 25th of May, 2018, the General Data Protection Regulation is coming into force, and will transform the way personal data is handled. Although this is an EU Law, it has far-reaching consequences for any business dealing with the data of any EU citizen.

The General Data Protection Regulation (or GDPR for short) puts control back in the hands of the individual and protects your rights. Every Company or Business in the EU (regardless of Brexit) needs to comply with this across all areas of operation, not just your website. 

Read all about the GDPR here. If you're a small business and you own a website (if you're reading this you probably do!) you need to register with the ICO as a data controller. For Limited Companies under 250 employees, it's just £35 + VAT per year. 

If you do nothing about GDPR, you could face huge fines; up to €20 Million or 4% of global annual turnover - whichever is higher! Your website processes data in ways that you may not even realise through cookies, analytics, feedback and contact forms, comments, eCommerce, surveys and much, much more. You have to display a knowledge of how you handle this data, where it is stored, for how long, the level of information, and most importantly that you have the individual's consent for doing so. 

If you currently have a WordPress website and we handle the hosting, security and updates, then you need to address a few things before the GDPR deadline.

Disclaimer: Full GDPR compliance is down to each individual Business or Company. Nothing on this page is legal advice, as we're not lawyers!


What can I do to get my website ready for GDPR?


The main point to grasp about GDPR is that although you may not be 100% compliant by the 25th of May, having a plan in place and showing that you are working towards compliance is better than burying your head in the sand!

Although compliance is down to each individual company or business, as your supplier in terms of website hosting, updates and security, we want to make sure you are ready for GDPR and that your online presence has been addressed. 

To assist our clients, we are offering three levels of GDPR website audit, based on risk level (low, medium and high), covering both WordPress and Shopify stores. Each audit contains the same basic elements, but additional items are addressed based on the content of your site. You will also need to sign a Data Processing Agreement to continue hosting your website with us past the 25th of May, which will be sent to you in the next couple of weeks. This is now a legal requirement. If you do not wish to do this, and would like to move your hosting and website care plan to another supplier, we'll be happy to make your website files and database available for you.

For example, a simple one-page website with no contact form will require the lowest level of GDPR audit, whereas an eCommerce store or a website with multiple contact forms, event registrations and sensitive user data being stored, such as CVs or other personal identifiable information (PII), will require a much higher level of audit and actions.

If you're looking for website documentation in the form of a Privacy Policy, Terms & Conditions and a Cookie Policy you should speak to your lawyer, or purchase a starter pack online and then get your lawyer to review it to ensure it's fit for purpose.

Please note: we will not supply a pre-written Privacy Policy, Terms & Conditions or a Cookie Policy as part of your website audit. These documents are your responsibility and you should understand and adhere to the information contained within each of them in terms of your own business. We can help with some of the technical details of what should go into these documents, but the content should be your own.

There are a number of firms in the UK who will supply you with the relevant templates, including your own lawyer. If you don't have a lawyer and would like to investigate templates for your own use, please contact our documentation and legal partner below who will be able to supply you with the relevant documents, allowing you to finalise the content with your own legal professional. 

GDPRPrivacyPolicy.org

Visit our Partners over at GDPRPrivacyPolicy.org who have two packs available to Businesses in the UK. The first one covers all the documents you'll need on your website, and the second covers the rest of your Compliance needs for your entire business.

Suzanne Dibble

Suzanne Dibble, a London-based lawyer and GDPR expert, also has a pack available for purchase from her website. Suzanne also runs a superb Facebook group, which you can request to join, where she has a library of videos covering all aspects of GDPR and your business.

About our GDPR website audits

Once you have your website documents written and ready, our website audits address the key areas of GDPR compliance, including security, data storage and user form reviews, opt-in checks and plugin compliance. We'll set up pages for your Privacy Policy, Terms and Conditions and your Cookie Policy once you have sourced and written a suitable set of documents for your business needs.

You will be emailed directly with our assessment of your current website and invited to book in a time for your website to be audited prior to the 25th of May, 2018.

Please note: if you decide not to go ahead with a GDPR website audit, we will prepare your site for transfer to another host of your choice and will cancel your monthly maintenance plan as we are unable to host and maintain websites that are not working towards GDPR compliance after the 25th of May 2018. 

If you have any questions, please contact us and we'll get back to you as soon as we can. 

Three levels of GDPR website audit


  • Low Risk Audit, Report and Website Compliance Process : £200 + VAT

    Basic elements of GDPR compliance; documentation upload and setup, security and analytics review. Websites with a single page, Google Analytics, no contact or feedback forms, no newsletter sign up.

  • Medium Risk Audit, Report and Website Compliance Process : £350 + VAT

    Basic elements of GDPR compliance PLUS additional measures for websites with multiple pages, one or more contact forms having stored personal information in the past and passed that information on to a third party, such as MailChimp, Facebook or ZenDesk.

  • High Risk Audit, Report and Website Compliance Process : £500 + VAT

    Basic elements of GDPR compliance PLUS additional measures for websites with a high number of pages, several contact forms and a substantial amount of historical PII (personal identifiable information), eCommerce, Event Registration systems, Newsletter Signups and third party integrations.

The above packages do not include a Privacy Policy / Terms & Conditions or Cookie Policy - these need to be purchased and approved by your own lawyer or legal team.

Finally, don't forget about your email marketing list!

If you have an email newsletter or mailing list, you will need to make sure you get everyone on your list to re-consent before the GDPR deadline. This is due to the fact that you need to prove that you have their consent to contact them. If you're in any doubt at all, we recommend you have a look at ReConsent.co.uk which has been put together by Robin Adams (aka - the MailChimp Guy!).