Many of you have been receiving loads of emails about compliance with GDPR - as have we. So we thought we would write a quick list to help clear a few things up....
1. Privacy policy
Sorry, but you do need one on your site. There are templates available and the ICO (the Information Commissioner's Office, the UK regulator) has some good guidelines too. It doesn't need to be pages and pages; you can take a look at our privacy policy to see the sort of thing you could put in.
You may already be organised enough to have a privacy policy. If you have, do take the time to check what it says. The main 'no-no' is a phrase like 'and we may use your information to send you marketing info from time to time...'. Sorry, that is not allowed any more. It will need to say something like 'we won't market to you unless we have your express permission to do so'.
2. Consent
'Express permission' is exactly that - you need a tick box on your site, normally on your contact form, saying something like 'I am happy for company X to send me news and marketing information'. The box must be unticked by default (a pre-ticked box does not count as consent) and kept separate from the other terms of the form. If they don't tick it, you can't market to them. Keep a record of when they ticked it and the exact wording they saw, because you may have to show that consent was given, and give them an easy way to withdraw it later.
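The following is an added example, not code from the original post, showing how a contact-form handler could record that tick-box consent so it can be demonstrated later, and how a mailing routine could check it before sending. The form field name `marketing_opt_in`, the consent wording and the version label are assumptions; browsers only submit a checkbox field when it is ticked, so a missing field means the box was left unticked.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Assumed wording and version label of the tick box shown on the contact form.
# Storing both with each record lets you show exactly what the person agreed to.
CONSENT_TEXT = "I am happy for Company X to send me news and marketing information"
CONSENT_VERSION = "2018-05-v1"


@dataclass(frozen=True)
class ConsentRecord:
    email: str
    granted: bool      # True = opted in, False = withdrawn
    wording: str       # exact text the visitor saw when ticking the box
    version: str       # which revision of that wording
    source: str        # where the record came from, e.g. "contact-form"
    at: datetime       # when it happened (UTC)


def record_consent(form: Dict[str, str], source: str = "contact-form",
                   now: Optional[datetime] = None) -> Optional[ConsentRecord]:
    """Turn a submitted contact form into an opt-in record, or None.

    Only an explicit 'on' for the assumed field 'marketing_opt_in' counts.
    A missing field (box left unticked, or never shown) records nothing,
    so a later enquiry without a tick never silently changes earlier consent.
    """
    email = form.get("email", "").strip().lower()
    if not email or form.get("marketing_opt_in") != "on":
        return None
    return ConsentRecord(email, True, CONSENT_TEXT, CONSENT_VERSION, source,
                         now or datetime.now(timezone.utc))


def withdraw_consent(email: str, source: str = "unsubscribe-link",
                     now: Optional[datetime] = None) -> ConsentRecord:
    """Record an explicit withdrawal; this is the only thing that revokes an opt-in."""
    return ConsentRecord(email.strip().lower(), False, CONSENT_TEXT,
                         CONSENT_VERSION, source, now or datetime.now(timezone.utc))


def can_market(log: List[ConsentRecord], email: str) -> bool:
    """True only if the most recent record for this address is an opt-in."""
    mine = [r for r in log if r.email == email.strip().lower()]
    if not mine:
        return False
    return max(mine, key=lambda r: r.at).granted


if __name__ == "__main__":
    # Constructed sample submissions, not real data.
    log: List[ConsentRecord] = []
    ticked = {"email": "Alice@Example.com", "message": "Hi", "marketing_opt_in": "on"}
    unticked = {"email": "bob@example.com", "message": "Quote please"}
    for form in (ticked, unticked):
        rec = record_consent(form)
        if rec:
            log.append(rec)
    print("alice:", can_market(log, "alice@example.com"))  # opted in
    print("bob:", can_market(log, "bob@example.com"))      # never ticked
    log.append(withdraw_consent("alice@example.com"))
    print("alice after withdrawal:", can_market(log, "alice@example.com"))
```

The point of the design is that the log is append-only: you never update a flag in place, so at any time you can show when consent was given, in what words, and when it was withdrawn.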
3. Legitimate interests
However, you can still contact existing clients about the work you are doing for them - otherwise how do you manage your business? Consent is only one of the lawful bases in the regulation; contacting a client about their contract, or about things they would reasonably expect from you, can rest on the 'legitimate interests' basis instead (and GDPR calls it that, not 'legitimate business use'). You can also keep some of their data even if they ask for it to be deleted, where you are legally obliged to hold it, e.g. invoices and tax records that HMRC requires you to keep for a set number of years.
4. Cookies
Many websites use cookies (particularly if they are using Google Analytics). You will need to add a paragraph to your privacy policy saying which cookies you set, what they are for and how visitors can opt out. Note that non-essential cookies such as analytics also need the visitor's consent before they are set; that rule comes from the separate PECR regulations rather than GDPR itself.
5. Other stuff
There is more you need to do as a business that relates to your operations and not just your website, such as knowing what personal data you hold, where it is stored and who can get at it. A good place to check is the ICO, which has a handy self-assessment tool to take you through simple checks and see where you are on the road to compliance.
And Remember....
As long as you are working towards compliance on 25th May 2018, but haven't quite got there yet, that is good :) Being totally compliant would be amazing, but the ICO recognises that there is lots to do and that not all of us will be there on the 25th.
The main purpose of these regulations is to make sure that you are holding people's data safely, not passing it on to others without a lawful reason, and that you are sending your stuff only to people who actually want it.