You may or may not have heard of a little new regulation coming into force this month: the GDPR, or General Data Protection Regulation.
From the 25th May, the GDPR will help EU citizens gain greater control over their personal data, highlight cyber security issues and increase sanctions around the misuse of data.
Under this new rule, consumers and businesses will be able to access the data you hold about them: it's all about making the use and purpose of holding data clear and lawful!
Whether you store email addresses, telephone numbers or any other form of personal data, the GDPR will also require you to gain the formal consent of individuals you contact if you want to send them email marketing or make unsolicited telephone calls.
Feeling overwhelmed? There's no need to worry. We'd recommend taking a look at the Information Commissioner's Office guide to the regulation for a general overview to help get you started.
How does this affect your website?
The GDPR is going to affect us all: how we store customer data, the setup of our business websites and the way we market our services to customers.
If we're currently in the process of designing your website, we'll make sure you're GDPR compliant (or as compliant as possible) from day one! But if we worked with you a while ago, there's a chance your website won't be quite up to scratch.
We've already helped lots of our customers get compliant, but if you're uncertain about what changes need to be made to your website, here is a quick rundown:
1). SSL Certificate
Every website must now be secured with an SSL (Secure Sockets Layer) certificate. When you get your certificate, a padlock will appear next to your URL in the web address bar, and the URL will be marked with 'HTTPS' rather than 'HTTP'. Customers will know that they can trust your website, and that any information they give you will be secure.
3). Opt in/Opt out check boxes (pair)
You can't send marketing emails to anyone, B2B or B2C, without their consent. Your online contact form, where users add their name, email address and a message, should have a pair of Opt-In/Opt-Out check boxes that give users a clear option to receive – or not receive – emails from you.
What Squarespace are saying
In line with the GDPR, Squarespace are currently reviewing how they store and use data about their customers and on behalf of their customers.
They are also implementing internal processes to help their customers comply with EU data subject rights, and determining any product changes that need to take place.
Squarespace offers integrations with third-party services and methods for integrating additional services, including Mailchimp and Acuity. If you use any of these third parties, you must make sure that these organisations are GDPR compliant as they may process customer data on your behalf. Checking out the privacy policies of your third parties would be a good place to start.
It's important for us to stress that the GDPR is an ever-changing regulation at this point. While the changes we are making to our customers' websites are best practice, we would recommend taking independent legal advice to ensure full compliance.
If you're the lucky owner of a Nemonet website, we'll have already contacted you regarding any changes we might need to make to your website. But if you have any questions, just give us a call on 01983 810505 or email firstname.lastname@example.org
If you need advice on your rights or responsibilities around data protection matters, we recommend you speak with your legal advisor or consult the Information Commissioner's Office (ICO).