GDPR lands this month, and if you (like a lot of people) have not quite got around to getting everything sorted, panic not! Our GDPR checklist is here to help you get GDPR compliant!
Our GDPR checklist will help you get the basics done so you are at least working towards compliance.
Firstly, let’s get some of the GDPR myths sorted.
GDPR does not affect me.
Wrong. It affects everyone that handles data or has a website. Period. After the 25th May, if I visit your website, and it sets a cookie without asking for my consent, you are in direct violation of the GDPR – this is even more so if you are setting marketing cookies.
If you store customer data anywhere, you also need to be GDPR compliant.
I only need to worry about email marketing.
Wrong. In fact, most businesses have this the wrong way around. If you have to email people as part of a contract you have with them or in response to a request, you can do so.
If you want to send out marketing or promotional emails, you have to have provable prior consent, so if you’ve not got it or are unsure, re-opt-in all your contacts, or delete them.
I can do this later.
Wrong. GDPR has been on the horizon for 2 years. NOW IS LATER. From what we’ve read, it’s better to be working towards compliance than doing nothing at all.
The GDPR Checklist
Disclaimer. Toast is not authorised or allowed to provide legal advice. In all things, we advise consulting your legal advisors in regard to GDPR – the information below is a guide based on what we are doing.
This needs to explain all about the cookies you use on your site, where they are from, what they do and where they send data.
3. Get a cookie consent tool on your site
You have to get consent before setting certain cookies on people's devices.
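As an added illustration (not Toast's code or that of any particular consent plugin), this is the gate a consent tool has to implement: non-essential cookies are refused until the visitor's choice has been recorded, and the record carries a timestamp so the consent can be evidenced later. The in-memory jar and the cookie names are constructed stand-ins for the browser's cookie store so the logic runs in Node.

```javascript
// Consent gate for non-essential cookies. "jar" stands in for document.cookie
// (constructed stand-in); in a page you would pass a thin adapter with the
// same get/set/has methods.
const CATEGORIES = { necessary: true, analytics: false, marketing: false }; // defaults: strictly necessary only

function createConsentGate(jar) {
  const consentKey = 'cookie_consent';
  function readConsent() {
    const raw = jar.get(consentKey);
    if (!raw) return null;                  // no banner decision yet
    try { return JSON.parse(raw); } catch (e) { return null; }
  }
  function recordConsent(choices) {
    // Timestamped, versioned record: what was agreed and when (evidence of consent).
    const record = {
      version: 1,
      ts: new Date().toISOString(),
      choices: { ...CATEGORIES, ...choices, necessary: true },
    };
    jar.set(consentKey, JSON.stringify(record));
    return record;
  }
  function isAllowed(category) {
    if (category === 'necessary') return true; // never needs consent
    const c = readConsent();
    return !!(c && c.choices[category] === true);
  }
  function setCookie(name, value, category) {
    if (!isAllowed(category)) return false;  // refused: no consent for this category
    jar.set(name, value);
    return true;
  }
  return { readConsent, recordConsent, isAllowed, setCookie };
}

// Constructed in-memory cookie store for the demonstration.
function memoryJar() {
  const m = new Map();
  return { get: (k) => m.get(k), set: (k, v) => m.set(k, v), has: (k) => m.has(k) };
}

function demo() {
  const jar = memoryJar();
  const gate = createConsentGate(jar);
  const before = gate.setCookie('analytics_id', 'abc123', 'analytics'); // no decision yet: refused
  gate.recordConsent({ analytics: true });                               // visitor accepts analytics only
  const after = gate.setCookie('analytics_id', 'abc123', 'analytics');  // now allowed
  const marketing = gate.setCookie('ad_id', 'xyz789', 'marketing');     // still refused
  return { before, after, marketing, stored: jar.has('analytics_id'), adStored: jar.has('ad_id') };
}
```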
4. Do an internal audit of your data storage
Do you really need to keep 1000s of contact details on a spreadsheet stored on a USB stick? Data breaches are going to be taken really seriously.
If you store data all over the shop, now might be the time to use a secure cloud service such as Google Drive or Dropbox to have your data securely stored.
5. Re-opt-in all your mailing list data that is used for marketing purposes
Do you have 1000s of people on your mailing list? Shame to see them go, but if you are not 100% sure you got their consent, get them to opt back in or delete them.
The more people in your database, the more chances for someone to claim they’ve not consented to receive emails from you.
In short, if you have contacts that you can’t prove consent from, delete them. GDPR is an opportunity to start with clean data lists and securely stored data.
All sound a bit much?
It’s well documented that the GDPR is hugely complicated and that the consent issues are difficult to process.
However, you do need to make sure the basics are covered and this does not need to cost £1000s.
Our GDPR checklist and audit will do the following:
- Cookie Audit – what cookies are set, are they all compliant
- Cookie Compliance plugin & Policy – properly asking for consent and making that consent changeable
- SSL Certificate – so your site is on HTTPS (sites hosted with Toast only)
- Forms review – are you doing anything you shouldn’t on your site forms
- Plugin review – are there non-compliant plugins on your site
- HTML Email re-opt-ins – if you use something like MailChimp for your email marketing, we can set up a re-opt-in campaign.
- Site Security – a general review of your site to check that it is secure against data breaches