5 Steps for GDPR, ePrivacy and Cookies Compliance

Anyone who has planned and briefed a website development project knows the knot of anticipation when you give the OK to "publish live". At that very moment, it is like you have stepped into your favourite sports car and put your foot on the accelerator. Your business begins to drive forward!

We have two types of car drivers. One who "tinkers", checks their oil, tyres, and services it on time. Their car drives like a dream. The other type, well ... you know where the story is going. Your website, like your sports car, needs "tinkering".

When is the last time you checked what cookies are set by your website?

With GDPR & ePrivacy it is now a legal requirement as well as a "maintenance" requirement to know what is going on under the bonnet of your website.

• When is the last time you carried out a data audit on your site?
  • What personal data are you collecting?
  • Do you have free-form fields?
  • Which departments have you shared it with?
  • Where is it stored?
  • How many places is it stored?
  • Where is it travelling to?
• Do you have appropriate third-party contracts in place for processing your data?
• Do you have clear visibility of cookies on your site?
• Have you listed them in your Cookie Policy?
• Have you clearly defined your "strictly necessary" vs "enhanced" cookies - so you can offer website users a clear opportunity to opt-out of non-essential cookies?

If you are responsible for your organisation’s website, then data processing and cookie tracking is your responsibility. Not knowing does not alleviate you of legal and potentially reputational responsibility. There is no point blaming the Marketing Intern who left the organisation 6 months ago, whom implemented a great social media campaign, long since forgotten, and as a result, left a trail of plug-ins on the company website. The Intern may be gone but the cookie lives on!

The 5-step transparency framework

1. Have a clear picture of the data journey, carry out a data audit
2. Take ownership of all cookies on your site, carry out a cookie audit and consent management review
3. What data is being released to third-party ad-tech or processors outside of the EU? Do you have appropriate contracts in place? Evaluate the ROI of these relationships.
4. Have you carried out a Data Privacy Impact Assessment (DPIA), which gives you the framework to identify the potential risks and a clear path to mitigate these.
5. Take the time out to educate yourself and train your team to ensure you understand the ever-changing world of privacy compliance.