You and your website are subject to the GDPR legislation if you store or process the personal details of your customers or website visitors and any of them are based in the EU. I’m not going to go into detail about exactly what this means for you (seek professional legal advice or ask Google), but will focus on just one part of your business it affects: your website.
There are several common best practices that are being recommended in order to ensure you comply with GDPR, and I will run through them here. For each, I will explain the common reasons it is necessary, how you can implement any change and how you can engage SLW to help you out. YOU need to determine if any are applicable for your business/organisation. Of course, one approach would be to do them all anyway.
Read all our help articles on GDPR
Legal documents on your website
It is recommended that you add at least these three legal documents to your website:
- Terms & conditions
- Privacy Policy
- Cookie Policy
There are many boilerplate documents you can buy or download for each of these. Please make sure you check that they are appropriate for your situation and that they specifically address GDPR. If in any doubt, seek professional legal advice.
You can add these documents yourself, either as PDF files or as actual pages on your website. We have written a guide for you here.
Alternatively, you can raise a request for us to do the work for you. We won’t create the documents themselves, though; you will need to provide these to us. If you are on a managed plan this will be included in your subscription, otherwise this will be a chargeable piece of work. You can raise a request from the Help Centre.
Mailing List sign up forms
If you give people the option to join your mailing list from your website, you may need to change the form. The reason for this is that under GDPR, when you are emailing people for marketing purposes, you need to gain their explicit consent and the user must take some action (that is, you can’t just say that by joining they agree to it, or pre-check a checkbox).
Some email providers have made this pretty straightforward. Sadly Mailchimp have not! So if you use Mailchimp you’ll need to make some changes.
Mailchimp have published an article on it here.
The big takeaway is that you cannot use an embedded form any longer. You will need to replace your nice form on your website with a link that takes visitors to your Mailchimp hosted signup page.
If you would like to do this yourself you can check out the help article we have created.
There are ways around this to keep your form on your website, but honestly they are super techie.
If you would like help doing this or are interested in us doing the nicer but techie way, just raise a request from the Help Centre and we can discuss the options. The cost for doing this will vary depending on how much you need us to do.
Making your website HTTPS
Part of GDPR concerns the security measures you use to safeguard your customers’ personal data. If your website has a contact form, you are transmitting the name, email address, phone etc. of the people who fill it in, so you should make sure that your website operates under SSL, that is, its address starts with https://. Smart Little Web now supports SSL by using a free platform called Cloudflare.
We have written detailed instructions on how to activate this in the help centre.
However, we do appreciate that this may seem a bit techno mumbo jumbo to some people, so we can help you do this. If we manage your domain there is a one-off fee of £75+VAT; if you have your domain elsewhere then the cost is £150+VAT. Just raise a request from the Help Centre if you would like us to do this for you.
Social sharing plugins
If you have social sharing plugins you should include this in your privacy policy and your cookie policy. Additionally, you shouldn’t activate these unless visitors to your website agree to you dropping cookies of the correct type (see cookie consent).
Analytics
As we mentioned in Part 1, we have had to remove our built-in analytics from your website. If you want to continue tracking page views etc. you will need to set up a free Google Analytics account and add this to your website.
NB: you shouldn’t activate these unless visitors to your website agree to you dropping cookies of the correct type (see cookie consent).
If you would like help from us in doing this for you just raise a request from the Help Centre. There is a charge for this, but how much depends on what other things we need to do.
Tracking code
If you use Facebook tracking pixels, or other advertising tracking code, you shouldn’t activate these unless visitors to your website agree to you dropping cookies of the correct type (see cookie consent).
Booking widgets
You only need to make changes if your booking widget drops cookies. If it does, you shouldn’t activate it unless visitors to your website agree to you dropping cookies of the correct type (see cookie consent).
Chat and other widgets
Many other plugins use cookies. If yours does, you shouldn’t activate them unless visitors to your website agree to you dropping cookies of the correct type (see cookie consent).
Contact form
If you have a contact form on your website, the only thing you need to do is make your website HTTPS (see Making your website HTTPS above).
Cookie Consent & Google Tag manager
You should be asking people for their consent to drop cookies on their computer (cookies are small pieces of information that are stored in your browser). Cookies can be used for many purposes, but broadly they fall into 3 categories:
- Strictly necessary - needed for the website to work
- Performance - needed to improve the website e.g. analytics
- Targeting - needed to tailor advertising
You can drop cookies for the first 2 types with implied consent, that is, you tell visitors that is what you are doing but don’t need them to agree. You do, however, need to offer the option of not agreeing.
Targeting cookies need to be opted into explicitly by the website visitor.
You should also have a way that people can update their preferences after they have made them.
So a couple of big things here:
- You need to let people know you want to use cookies
- You need to give them the option of opting out
- You need to give them a way to update their choices
- You shouldn’t drop cookies unless the visitor agrees, either implicitly or explicitly
To meet requirements 1, 2 & 3 we suggest you use a cookie consent system like Cookiebot. They have a free plan if your website has fewer than 100 pages. This allows you to put a cookie consent message on your website. It also provides a way for visitors to update their preferences.
The last requirement though is more complicated. MORE complicated!!!!!! Yes afraid so. This means you need to hold off activating any plugins or external scripts you embed on your website until after the visitor has given consent.
There is no simple way to explain this, other than to state that you need to make use of a tag manager like the one Google offers for free. The tag manager can be configured to work with Cookiebot and only activate your widgets that use cookies after consent is given.
You can see a detailed guide on setting up Google Tag Manager on the Cookiebot website.
Seriously, this is pretty complicated stuff, but it is all possible for your website on Smart Little Web.
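To show what "hold off activating until consent is given" means in practice, here is an added example; it is not code from Smart Little Web, Cookiebot or Google Tag Manager. It models the rules as stated above (implied consent for the first two categories, explicit opt-in for targeting), and every tag id, category key and function name in it is hypothetical.

```javascript
// Added example; tag ids, category keys and function names are hypothetical.
const IMPLIED = ["necessary", "performance"]; // notice shown, visitor may opt out
const EXPLICIT = ["targeting"];               // visitor must opt in

// Constructed registry: every embedded script is declared with the category
// of cookie it drops, instead of being pasted straight into the page.
const TAGS = [
  { id: "contact-form", category: "necessary" },
  { id: "google-analytics", category: "performance" },
  { id: "facebook-pixel", category: "targeting" },
  { id: "chat-widget", category: "targeting" },
  { id: "unlabelled-plugin", category: undefined }, // never classified
];

// choices = { noticeShown: boolean, optedOut: string[], optedIn: string[] }
function isAllowed(category, choices) {
  const optedOut = (choices.optedOut || []).includes(category);
  if (optedOut) return false; // a recorded opt-out always wins
  if (IMPLIED.includes(category)) return choices.noticeShown === true;
  if (EXPLICIT.includes(category)) return (choices.optedIn || []).includes(category);
  return false; // unknown category: fail closed, keep the tag on hold
}

// Split the registry into tags to activate now and tags to keep on hold.
function planTags(tags, choices) {
  const plan = { activate: [], hold: [] };
  for (const tag of tags) {
    (isAllowed(tag.category, choices) ? plan.activate : plan.hold).push(tag.id);
  }
  return plan;
}

// Constructed visitor states, from first page view to a later preference change.
const firstView = { noticeShown: false };
const noticeSeen = { noticeShown: true };
const optedIn = { noticeShown: true, optedIn: ["targeting"] };
const changedMind = {
  noticeShown: true,
  optedIn: ["targeting"],
  optedOut: ["performance", "targeting"],
};

for (const [name, c] of Object.entries({ firstView, noticeSeen, optedIn, changedMind })) {
  console.log(name + ":", planTags(TAGS, c).activate.join(", ") || "(nothing)");
}
```

The plan is recomputed from the stored choices on every page load, so a visitor who updates their preferences later gets the new result on the next page view.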
Conclusion
Look, we get it. All this is a right royal pain and we wish there was an easy way to just get it done. We have taken months of research and testing to be able to boil it down to this and it’s still whopping. Our ethos has always been to take care of the technical stuff, so you can just get on with the content, but in this case we simply cannot automate all of the things you may or may not need to do. We still want to help. So we are reducing our standard hourly rate by 33% to just £50+VAT/hr for any of the activities related to GDPR.
If you’d like to discuss what you need to do and for us to give you a fixed price for doing it just raise a request from the Help Centre and we will contact you.