GDPR Checklist

GDPR lands this month, and if you (like a lot of people) have not quite got around to getting everything sorted, panic not! Our GDPR checklist is here to help you get GDPR compliant!

Our GDPR checklist will help you get the basics done so you are at least working towards compliance.

Firstly, let’s get some of the GDPR myths sorted.

GDPR does not affect me.

Wrong. It affects everyone that handles data or has a website. Period. After the 25th May, if I visit your website, and it sets a cookie without asking for my consent, you are in direct violation of the GDPR – this is even more so if you are setting marketing cookies.

If you store customer data anywhere, you also need to be GDPR compliant.

I only need to worry about email marketing.

Wrong. In fact, most businesses have this the wrong way around. If you have to email people as part of a contract you have with them or in response to a request, you can do so.

If you want to send out marketing or promotional emails, you have to have provable prior consent, so if you’ve not got it or are unsure, re-opt-in all your contacts, or delete them.

I can do this later.

Wrong. GDPR has been on the horizon for 2 years. NOW IS LATER. From what we’ve read, it’s better to be working towards compliance than doing nothing at all.

Get a GDPR Audit

The GDPR Checklist

Disclaimer. Toast is not authorised or allowed to provide legal advice. In all things, we advise consulting your legal advisors in regard to GDPR – the information below is a guide based on what we are doing.

1. Get a privacy policy

Your website needs to have a privacy policy that outlines what data you collect, where you store it and for how long, what you do with it and how me, the data subject can find out what you’ve got on me.

We have a template privacy policy available as part of our GDPR Audit.

2. Get a cookie policy

This needs to explain all about the cookies you use on your site, where they are from, what they do and where they send data.

3. Get a cookie consent tool on your site

You have to get consent before setting certain cookies on peoples devices. 

What’s more, they need to be able to see a list of these cookies (the cookie policy) and be able to change their minds at any time regarding the consent they give you.

4. Do an internal audit of your data storage

Do you really need to keep 1000s of contact details on a spreadsheet stored on a USB stick? Data breaches are going to be taken really seriously.

If you store data all over the shop, now might be the time to use a secure cloud service such as Google Drive or Dropbox to have your data securely stored.

5. Re-opt-in all your mailing list data that is used for marketing purposes

Do you have a 1000s of people on your mailing list? Shame to see them go, but if you are not 100% sure you got their consent, get them to opt back in or delete them.

The more people in your database, the more chances for someone to claim they’ve not consented to receive emails from you.

6. Purge

In short, if you have contacts that you can’t prove consent from, delete them. GDPR is an opportunity to start with clean data lists and securely stored data.

All sound a bit much?

Get started with a free Cookie audit

It’s well documented that the GDPR is hugely complicated and that the consent issues are difficult to process.

However, you do need to make sure the basics are covered and this does not need to cost £1000s.

Our GDPR checklist and audit will do the following:

  1. Cookie Audit – what cookies are set, are they all compliant
  2. Cookie Compliance plugin & Policy – properly asking for consent and making that consent changeable
  3. Outline Privacy Policy – A template for you to complete
  4. SSL Certificate – so your site is on HTTPS (sites hosted with Toast only)
  5. Forms review – are you doing anything you shouldn’t on your site forms
  6. Plugin review – are there non-compliant plugins on your site
  7. HTML Email re-opt-ins – if you use something like MailChimp for your email marketing, we can set up a re-opt-in campaign.
  8. Site Security – a general review of your site to check that it is secure against data breaches

We can help with all things WordPress.

If you need to improve your existing site or are looking to commission a new website, call us on 01295 266644 or complete the form - we'll get in touch!