6 Point GDPR Website Compliance Checklist

Are you one of the many companies running behind on your GDPR preparation? Use this checklist to help you hit the ground running.

1. Make sure data officers know where and how you collect data

The new rules mean you really need to have people with specific data-handling responsibilities. One of the first challenges for people in these roles will be finding out where everything is. If our early conversations with people with these new responsibilities are anything to go by, most of them face an almost impossible task. If you want to be compliant your organisation will need to support them.

2. Check terms and conditions around consent

This is definitely an area where specialist legal advice is a good investment. For e-commerce businesses, for example, it could make the difference between being able to retain historical transaction data, which is invaluable for forecasting, and having to delete it.

Under the new rules, consent needs to be specific even for organisations targeting businesses rather than consumers. Legal advice is particularly advisable on definitions of “reasonable interest”, which are woolly at best.

3. Audit processes of ALL software and service providers

Think of the GDPR regulations as something like joint enterprise in criminal law: every component that makes up an overall web solution needs to be compliant; otherwise, you could all get in trouble.

Obviously, GDPR compliance means different things to different organisations. What we are advising is that you open conversations with each of your software and service providers about what they have done to adhere to the regulations. If the answer is fuzzy, you've probably got a problem.

4. Streamline data subject access requests and revoking of consent

These are the areas that could lead to lots of business disruption.

Process design is part of the equation, but there's also a lot that can be done online to minimise the effects of people requesting to be forgotten or asking for a copy of their data. The new tools in Kentico will help in this regard by tying consents to its contact management system, which can be integrated with CRM and ERP records.

5. Data/Privacy by design for all major updates

It will be difficult for lots of organisations to get their heads around specifying journeys for customers to disengage, but the new rules stipulate that it must be “as easy” to revoke consent as it is to convert in the first place.

A talk I saw by Saul Gowens from Websand demonstrated that losing subscribers isn't necessarily a disaster. Some unsubscribed customers actually continue to buy. There's also the common-sense argument: wouldn't you rather have a smaller database of engaged customers than a large pool of slightly irritated and disengaged people?

6. Consider extending CRM and ERP integrations

Yes, integration projects can be tricky and take time, but closer bi-directional integrations might be the answer to most of your problems.

The main reason to do this is to give you a single source of user data, making it much easier to administer consent changes and to access a full data record in the event of a data subject access request.

Interested in learning more? Then why not get in touch to have a one-to-one session with one of our experts?
