GDPR includes requirements for the way you collect, store and process data. We’ve previously talked about GDPR here, but for first-hand advice and guidance, we recommend you take a look at the ICO resources here...
12 Key Questions to Help Judge Your GDPR Readiness
In order to give you some prompts about how to consider the way you collect data on your website, I've put a series of questions together.
As we’ve said before, we can’t tell you exactly what to do because every organisation is different (plus we’re not lawyers). However, these questions will help you think about the things you need to investigate further.
For official advice, we recommend you speak to whoever is responsible for legal matters in your business.
Questions to consider are:
- When capturing personal data, do you keep the amount of data captured to a minimum?
- When capturing personal data, do you make it clear why you need that piece of information?
- When capturing personal data, do you make it clear what will happen next?
- When capturing personal data, do you make it clear what people are “opting in” to?
Remember, if you’re using the data for more than one thing, you’ll probably need to have “opt in” permission for each purpose.
But also remember that “permission” can be determined in a few different ways. For example, if you’re collecting data in a form called “call me back”, provided you make it clear that is what it is, you can reasonably expect someone who submits that form to expect a phone call back.
That means you don’t necessarily need an opt-in box for that purpose. However, if you will also use that data to send a newsletter, pass it to third parties, etc., you’d need to ask for separate permission for each.
Where can I get more information?
The ICO website provides GDPR updates when available. Furthermore, the IAB also provide updates on how ePrivacy changes might affect the digital advertising industry. The latest is their updated ePrivacy Factsheet.