It’s been big news for a while now – after years of debate, the GDPR was approved by the EU Parliament last year and will come into force on 25th May 2018. This seems like a long time away, but in terms of business this is no time at all. If you’re a business owner or manager with a website, you need to be asking yourself with 7 months to go…is your site compliant?

What’s happening?
The law is changing in a dramatic way when it comes to data protection, and after years of junk mail, shared information and unclear tick boxes on emails and checkouts, it’s time for businesses to get serious. Whether you operate a small business or a large conglomerate, the same law applies and you can be penalised whatever your size, standings or turnover. This law is complex and extensive and is not to be taken lightly or ignored in any way, as it could have serious repercussions and your business could face heavy fines. Any organisation in breach of the GDPR can be fined up to 4% of annual turnover or €20 million – whichever is greater.

Does this apply to me?
You might have lulled yourself into a false sense of security by thinking that this law doesn’t apply to you or your business because you don’t use or collect data, but this might not be the case. Chances are, you will be affected and so will your customers. If you send emails, post anything out or make phone calls to clients, then this can affect you. Sound familiar? Then you need to consider how you need to act before the 25th May arrives! Even using tracking software like Google Analytics means you use customer data, as this tracks users’ journeys through the website and notes their behavioural information in order to make future sales or learn from people browsing the site. The line is clear: the law applies to the collection of any data that could be traced back to an individual – even an IP address.

What shall I do?
The earlier you act, the better your chances will be of being prepared in time. Your customers have a right to know what you’re doing with the data you’re collecting about them, so you need to start asking people’s permission before you collect any data from them in the future. To comply, your site needs a privacy policy which will help users of your site understand what data you’re collecting, why you’re collecting it, and what you want to use it for. You’ll need to start editing your contact forms, registration forms and checkout pages to include un-ticked boxes so people have to actively opt in to giving you permission to use their data. To comply you also need to record when they gave you permission and log exactly what they were shown at the moment they opted in.

Why is this happening?
Your customers have the right to tell you to stop marketing to them or to control what information of theirs you’re using, and as a result, you need to ensure you comply by making it easy for them to do so and ensuring they gave you permission to do so in the first place. When a user does unsubscribe or opt-out, you need to make sure you keep them on a list and never contact them again unless they’ve given you their permission – this will incur fines from the independent regulator that you don’t want to see! It’s the same with phone calls – if you make a sales phone call to someone who’s on the TPS (Telephone Preference Service), you’re breaking the law and this will be taken very seriously by the ICO.
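The opt-in record and suppression list described in the two sections above, as an added example that is not part of the original post. The field names, the consent wording and the sample addresses are assumptions; the point is that a missing checkbox value is never treated as consent, that the record stores what the user saw and when, and that an opted-out address is only contactable again after a later, fresh consent.

```python
# Added example (not from the original post): a minimal server-side consent
# record for marketing opt-in plus the suppression list the post describes.
# Field names, wording and sample inputs are assumptions for illustration.
import hashlib
from datetime import datetime, timezone
from typing import Optional

# The exact wording shown beside the (un-ticked) checkbox, kept so the
# record can prove what the user saw when they opted in.
CONSENT_TEXT_V1 = ("Yes, send me product news and offers by email. "
                   "You can unsubscribe at any time.")

def utc(iso: str) -> datetime:
    """Parse an ISO-8601 timestamp (with offset) into an aware UTC datetime."""
    return datetime.fromisoformat(iso).astimezone(timezone.utc)

def normalise(email: str) -> str:
    return email.strip().lower()

def consent_text_hash(text: str) -> str:
    """Fingerprint of the consent wording, stored alongside each record."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def record_consent(form: dict, email: str, text: str, now: datetime) -> Optional[dict]:
    """Create a consent record only if the user actively ticked the box.
    Browsers omit un-ticked checkboxes from the submitted form entirely, so a
    missing field means 'no consent', never a default 'yes'."""
    if form.get("marketing_opt_in") != "on":
        return None
    return {
        "email": normalise(email),
        "consented_at": now.astimezone(timezone.utc),
        "consent_text": text,
        "consent_text_sha256": consent_text_hash(text),
        "source": form.get("source", "unknown"),  # e.g. checkout, newsletter form
    }

class SuppressionList:
    """Addresses that opted out: never contacted again unless they re-consent."""
    def __init__(self):
        self._opted_out = {}  # email -> time of the most recent opt-out

    def opt_out(self, email: str, now: datetime) -> None:
        self._opted_out[normalise(email)] = now.astimezone(timezone.utc)

    def may_contact(self, email: str, consent: Optional[dict]) -> bool:
        email = normalise(email)
        if consent is None or consent["email"] != email:
            return False
        out = self._opted_out.get(email)
        return out is None or consent["consented_at"] > out  # re-consent after opt-out wins
```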

SSL Implications
The next thing to consider is that if you’re collecting people’s data, you need to ensure your website is SSL secured – this stands for ‘Secure Sockets Layer’ and means you have an SSL certificate for your site. This basically means the data that’s transmitted is encrypted, and this is vital. Google labels any website without an SSL certificate as “unsecure” and this will become harmful to your rankings in search results and could give visitors to your site a warning saying that their information won’t be secure, which will hugely affect your bounce rate and conversion rate.

If you need to convert your website from HTTP to HTTPS, then we can help by implementing our Site-Wide SSL Solution that will ensure the security of the website for the future and prevent drops in ranking and potential data-related fines. If you implement HTTPS using Magento’s native implementation, it will potentially perform 3 redirects to get customers to the destination page and it will also redirect inner pages to the homepage, both of which are harmful to your site’s SEO. Our bespoke solution helps deal with this and can save you potentially harmful drops in rankings as a result of switching.

As of 1st October 2017, Google Chrome will be labelling HTTP pages with any entry fields (sign-up pages, login pages, pages with a search bar) with a red ‘unsecure’ to the left of the URL/address bar. This will only affect user behaviour, not rankings. It has the potential to severely impact bounce rate and conversion rate. However, websites with any payment information areas accessed via HTTP may see their rankings affected.
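An added example, not the agency’s own code, showing the single-hop HTTP-to-HTTPS redirect policy the section above argues for, and a small audit that walks a redirect map and flags the two problems it warns about: chains of several redirects and inner pages being bounced to the homepage. The redirect tables and the shop.example hostnames are constructed for illustration; a real audit would replace the table lookup with live requests.

```python
# Added example (not from the original post): model the recommended single
# redirect from http:// to the same page on https://, and audit a redirect
# map for multi-hop chains and inner pages that end up on the homepage.
# The two tables below are constructed for illustration.
from urllib.parse import urlsplit, urlunsplit

def https_redirect(url: str):
    """Single-hop policy: http:// 301s to the same host, path and query on https://."""
    p = urlsplit(url)
    if p.scheme == "https":
        return None  # already secure, nothing to redirect
    return 301, urlunsplit(("https", p.netloc, p.path, p.query, ""))

def follow(url: str, table: dict, limit: int = 10) -> list:
    """Walk a redirect table (url -> target) and return every URL visited."""
    hops = [url]
    while hops[-1] in table and len(hops) <= limit:
        hops.append(table[hops[-1]])
    return hops

def audit(url: str, table: dict) -> dict:
    """Report the redirect chain for `url` and the SEO problems it exhibits."""
    hops = follow(url, table)
    start, end = urlsplit(hops[0]), urlsplit(hops[-1])
    problems = []
    if len(hops) - 1 > 1:
        problems.append(f"{len(hops) - 1} redirects before the final page")
    if start.path not in ("", "/") and end.path in ("", "/"):
        problems.append("inner page redirected to the homepage")
    if end.scheme != "https":
        problems.append("final page is not served over https")
    return {"hops": hops, "problems": problems}

# Constructed: a chained setup (host canonicalisation, then scheme, then a
# catch-all to the homepage) versus the single hop the post recommends.
CHAINED = {
    "http://shop.example/product/blue-widget": "http://www.shop.example/product/blue-widget",
    "http://www.shop.example/product/blue-widget": "https://shop.example/product/blue-widget",
    "https://shop.example/product/blue-widget": "https://www.shop.example/",
}
SINGLE_HOP = {
    "http://www.shop.example/product/blue-widget": https_redirect(
        "http://www.shop.example/product/blue-widget")[1],
}
```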

If you’d like to manage your website’s consent better or find out more about our bespoke SSL solution get in touch to see how we can help!