GDPR


Summary

The General Data Protection Regulation (GDPR) comes into effect on 25th May 2018. It replaces the current Data Protection Act in the UK and is the biggest overhaul of data protection legislation for 25 years.

Overview

Our new Privacy Policy is now available. You can read it at www.phdinteractive.co.uk/privacy


If your website collects personal information then GDPR affects you. An obvious example is a website that invites visitors to subscribe to a newsletter, but even a simple contact form which captures just the enquirer's name and email address still requires GDPR consideration.

The whole business is not strictly about websites at all - it is about what you do with personal information you receive through any means and ensuring you have permission to do that. Even if your website has no contact form at all it probably still shows your email address so you need to think about what you do with the email addresses of your enquirers. Responding to the enquiry is obviously a legitimate use, but gathering all these addresses into an email list and mailshotting them periodically with marketing is very unlikely to be a legal use of this personal information under GDPR.

GDPR & WebHealer

This guide has been created to help customers of WebHealer as opposed to those who have merely enquired about our service. As a customer you will have broadly two types of concern. 

  1. Does WebHealer process your personal information in compliance with GDPR?
  2. Is your own website, run by WebHealer, compliant with GDPR?

As indicated in the overview above we are not in a position to offer "GDPR Compliant Websites", as compliance is more a matter of your own procedures than how the website is constructed. We have however given a lot of thought to how we can simplify the work you need to do to make your website GDPR compliant. Even more important of course is that we do not create any barriers to your website being GDPR compliant.

This guide will be updated as May 25th draws near and will hopefully address whatever concerns you have.

Countdown to GDPR

21 May 2018 We published our new GDPR compliant Privacy Policy today. The address is www.phdinteractive.co.uk/privacy. We have also received further reassurance from our legal advisors about the GMail Privacy Policy released last week: "This privacy notice is compliant with GDPR and has clearly been designed with GDPR in mind. The privacy notice will have been sent to all Gmail users within the EU and makes it quite clear that the rights extended by that policy apply across Google as a whole".

15 May 2018 In the last few days GMail users have received emails from Google alerting them to a new Privacy Policy scheduled to come into force on GDPR day. Although it does not categorically state that Gmail is GDPR compliant, this policy is clearly intended to address GDPR issues and provides much reassurance. In fact we have yet to see any company anywhere state in black and white terms that they are GDPR compliant, and we expect that even after May 25th there will be few companies making such statements. Here is a link to Google's new privacy policy which takes effect on May 25th.

11 May 2018 All WebHealer clients can now create their Privacy Notice via the special Privacy Notice section in their Administration Area and then activate the notice via the Privacy Features section. Access both these sections from the Administration Area menu under Site Management.

We are still trying to find out more information about GMail and its compliance status. It is quite possible there will be no clarification before May 25. Many aspects of the legislation are not as explicit as people would like, and it's very possible that norms of best practice will become established which people tend to follow in the absence of definitive direction. All we know for now is that after May 25th a very large number of businesses will still be using a free Gmail account. We haven't updated our systems to support the officially compliant GSuite yet but it will be done next week.

8 May 2018 If you have created a Privacy Notice using the system we have provided (see below) and you are using the Mobile ColourMax design you can now make the Privacy Notice active in the same way as explained in the note immediately below. Clients using all remaining designs including older non mobile-friendly designs should be able to activate their privacy page by the end of this week.

1 May 2018 If you have created a Privacy Notice using the system we have provided (see below) and you are using our latest Social ColourMax design platform (includes Gold and Silver Designs) you can now make the Privacy Notice active. This will put a "Privacy Policy" link in your website footer and add notices to your Email Contact Form. To make a Privacy Notice active, log in to the Administration Area and look under Site Management to find Special Features. On that page you will find a Privacy Features section. Customers on older designs will have to wait a few more days while we add the necessary functionality to their designs.

30 April 2018 As the GDPR deadline approaches many businesses are still getting their house in order and unfortunately that leaves a lot of grey areas. One of the grey areas that has concerned some people recently is Gmail and whether it will be safe to use Gmail for business purposes after May 25th. On the one hand Google do say that overall they comply with important and relevant EU/US legislation for GDPR but they are not yet saying definitively that GMail is GDPR compliant. Instead they are saying that their chargeable GSuite service (which includes a commercial version of GMail) is safe for GDPR. We'd be very surprised indeed if Google would leave tens of millions of small EU businesses in the lurch by not making the free version of GMail compliant with GDPR. We'll keep you updated as we find out more but we have also been making preparations for those WebHealer clients who feel unsure about this and want to switch to GSuite. Our systems can't support GSuite at present but we are working on some updates and hope to have this option in the next week or so.

24 April 2018 Today we have enabled a feature for all WebHealer customers to help them prepare for GDPR. Every WebHealer website now includes an extra page that can be edited just like a normal page but is dedicated to holding a Privacy Notice. If you log into your WebHealer website and scan down the menu on the left you will see the option Privacy Notice in the Site Management section. You can start using it right now. In a few days we will enable features to link to it from within your pages and from the website footer. Keep an eye on this guide for more details.

Frequently Asked Questions

  1. Is WebHealer GDPR compliant?
  2. What do I need to do for my website to be GDPR compliant?
  3. Do I need SSL for my website to be compliant?
  4. How do you process and store the enquiries sent via my contact form?
  5. How can I add a notice to my contact form to make clear how I will use an enquirer's information?
  6. Can you advise me on what I should put in my Privacy Notice?
  7. Do you have an example of a Privacy Notice?
  8. How can I ensure my Privacy Notice has been seen by enquirers? I have lots of email links on my website
  9. What information does my Email Contact Form capture?
  10. I have "Subscribe to Mailing List" on my website. What do I need to do?
  11. What cookies does my website use?
  12. Where can I find out more about GDPR?
  13. I need visitors to tick a box to say they have read my Privacy Notice
  14. I have written my privacy notice. Can you tell me if it's OK?
  15. Where are the Terms & Conditions of my contract with WebHealer?

1. Is WebHealer GDPR compliant?

WebHealer respects privacy. One of our fundamental principles is that no-one should receive a communication from us that they do not expect and might perceive to be unwanted. As this is at the heart of GDPR our compliance activities primarily involve ensuring we have the necessary documentation and have carried out checks on our suppliers. We have engaged a company lawyer to assist us and we are currently documenting our procedures and writing the necessary privacy notices. We are also in discussion with our suppliers who will inevitably be in discussion with their own suppliers. This chain of dependency means that it is likely to be well into May before we can say we are GDPR compliant, but rest assured it is a very high priority for us.

2. What do I need to do for my website to be GDPR compliant?

This very much depends on how you use your website and any personal information you obtain through it. This link provides a well written and clear explanation of the areas that will be of most relevance to our customers. It is rare for customers of WebHealer to be engaged in online or offline direct marketing campaigns, so for most the concerns will be about ensuring that your visitors are notified about how you will use their personal information when they contact you (via a Privacy Notice) as well as how we process enquiries that come via your Email Contact Form.

3. Do I need SSL for my website to be compliant?

A lot of vendors are promoting SSL as a positive contribution towards compliance; however, our advice so far is that SSL is not strictly needed. If you would like your website to use an HTTPS secure connection (i.e. SSL) then please contact us, as we are already in the process of upgrading clients to this at no charge.

4. How do you process and store the enquiries sent via my contact form?

Enquiries submitted through your contact form are sent directly to you by email and then deleted from our systems. They are retained only until we are confident they have been successfully delivered.

5. How can I add a notice to my contact form to make clear how I will use an enquirer's information?

The important thing is to draw attention to your Privacy Notice that states how you will use any information provided. We are developing new features for WebHealer websites to help with GDPR and these include a new free page specifically for your Privacy Notice and a link to this with suitable explanation on your Contact Form.

6. Can you advise me on what I should put in my Privacy Notice?

This is beyond our area of expertise as all customers will make individual choices; however, we would recommend contacting your professional association, who should have good general guidelines relevant to your type of activities.

7. Do you have an example of a Privacy Notice?

Unfortunately we aren't able to provide an example privacy notice. It's a little like asking for an example tax return, as privacy notices are intended to reflect the way you use personal information and this varies even between therapists. We have retained a lawyer to help us write our own but that wouldn't be suitable for you. That isn't cheap of course, but your professional association should be able to give some guidance for someone in your particular area of work.

8. How can I ensure my Privacy Notice has been seen by enquirers? I have lots of email links on my website

It is not clear to us that there is a strict requirement that an enquirer positively confirms they have read a notice, but it should be fairly visible. We will be adding a link to your standard Privacy Notice in the footer of your website; however, to be more cautious you could modify all your email links to be links to your Email Contact Form, as that is being updated as explained above.

9. What information does my Email Contact Form capture?

A standard email contact form only captures an enquirer's name and email address along with the IP address of the computer used to make the request. No cookies are captured.

10. I have "Subscribe to Mailing List" on my website. What do I need to do?

If you have added this yourself you will need to contact the supplier of the mailing list service and ask them. Any reputable service will have made arrangements for GDPR so they may automatically update their plugins with the necessary changes or provide options for you to update the plugin according to the way you will use the data. If you have had assistance from a WebHealer business partner to add the mailing list feature you should contact the business partner for assistance in updating it as required.

11. What cookies does my website use?

Firstly, cookies and personal information for GDPR purposes are very different things. It is very rare that you will have access to personal information through cookies, so unless you have a special plugin that does give you personal information you are not processing personal information and you won't need a Privacy Notice for it.

Until the introduction of our Social ColourMax design platform, WebHealer websites did not use cookies as standard for any purpose other than to remember your login, which does not impact on visitors. For this reason there was no cookie page. We introduced a cookie page with Social ColourMax designs and you will see this linked from the footer of your website; if you don't then you are on an old design. The Social ColourMax cookie page lists the social media cookies that are automatically included with this design.

When you activate your Privacy Notice you will see a modified footer including a link to a cookie page whatever design you are on. This privacy page again references social media cookies as a catch all in case you have used them on an older design.

The only other cookies that might get used by your website are as a result of 3rd party plugins that you may have used on your website such as online booking tools. If you have used these you should contact the supplier and ask for advice on the privacy implications.

12. Where can I find out more about GDPR?

We recommend seeking the advice of your professional association, who will understand the typical working practices and data usage of someone in your profession. For more general information about GDPR you may wish to visit the Information Commissioner's Office GDPR page.

13. I need visitors to tick a box to say they have read my Privacy Notice

To enable this feature within your Email Contact Form go to the Special Features section in your Administration area. There is an option under Privacy Features to enable a tickbox. If you are using a bespoke designed PHD Form you will need to contact the business partner who made it and they will be able to modify the form.

14. I have written my privacy notice. Can you tell me if it's OK?

The whole business of GDPR is quite complex and is fundamentally about your own business and procedures. We're seeking advice from a lawyer about our own particular circumstances, so I'm afraid we can't really say whether your notice is right for you, covers everything, or is in some way "right" or "compliant". All we can say in terms of reassurance is that we are advised that the businesses that get in trouble for GDPR are likely to be those that have given no thought to it at all or decided to play "fast and loose". If you are a small business and have given proper consideration to what you do and written a privacy notice in good faith you are likely to be OK. If you need more reassurance than this then we would advise seeking the advice of your professional association or a commercial lawyer.

15. Where are the Terms & Conditions of my contract with WebHealer?

Please see this link for our latest terms and conditions; however, these are likely to change before May 25th 2018.