back to top
Kim Lagos
Kim Lagos
09:36 02 Dec 19
Webwise recently assisted with some design requirements for my business. I was very happy with the level of service and the finished product. Thanksread more
STYLD
STYLD
08:07 20 Nov 19
I use Sydney Webwise for all my digital creative requirements and am always highly impressed by the standards.
Alyce Biggs
Alyce Biggs
16:56 16 Oct 19
I have been working with Sarah for the past 4 -5 years, I absolutely love her passion, energy and manner. She really cares about her clients and delivers great results and site performance. Sarah and her team go above and beyond.read more
Jiraporn Taveeapiradeebuntip
Jiraporn Taveeapiradeebuntip
00:25 24 Sep 19
We have been looking for a web designer to take on a challenging custom build project for a long time. After being rejected by several other companies due to the complexibility of the build we were super lucky to finally have found Sarah from Webwise. Sarah was extremely good to work with as she actually listened to our needs and what we would like to achieve with our new website in regards to design and the custom personalisation part of our products. No challenge was to much for Sarah and the team and the outcome exceeded our expectation by far! The whole process was very organised and the communication could have not been any better. We can highly recommend Webwise to anyone with full confident you are in good hands. We are very thankful and looking forward to work with Webwise again in the near future.read more
Element Building Projects
Element Building Projects
03:48 04 Sep 19
We have worked with Sarah and her team at Sydney Webwise for several years and keep coming back to them because they are simply amazing! Sarah really gets us. She is super patient, extremely responsive, really pleasant to deal with and she genuinely cares about producing a great result for us. We've worked on creating and improving numerous websites and digital and other marketing material with Sarah and her team, and we highly recommend Sydney Webwise if you are looking for someone to deliver results with a unique and personal approach. Her team will give you honest and genuine advice that aligns with effective and creative web & digital marketing strategies. Thanks Sydney Webwise!read more
Illetes Swim
Illetes Swim
03:53 30 Aug 19
Would highly recommend the Webwise team for their dedication and support whilst launching our website and online shop. Could not thank them enough for all the hard work they put in for us. They give after support too so you are not left after without assistance, very professional and committed team, Wish you all the best and hopefully work together soon again :)read more
Lee Lucas
Lee Lucas
00:07 15 Aug 19
Have worked with Sarah for almost 10 years and can not recommend her enough. Sarah has some awesome ideas and the ability to make you look elite! Her portfolio of clients shows. High class professionalism!read more
Naomi Brand
Naomi Brand
00:39 12 Mar 19
Sarah at Webwise is amazing at what she does! I would recommend her to anyone looking to create amazing websites! Her knowledge, expertise and thinking outside the box is second to none.read more
Ben De Jonk
Ben De Jonk
08:56 24 Oct 18
I have dealt with Sarah now for all my hosting and website requirements for the last few years and she has always delivered great ideas and designed fantastic websites. I know the most difficult thing with my business is I am so busy and don’t have time to do the research. With Sarah I gave her my ideas verbally and some competitors in the area and she did the rest coming up with a great modern designed website. I would have no hesitation in recommending webwise for anyone looking for a great modern and affordable website. Keep up the good work!!read more
Next Reviews

How Europe’s New GDPR Could Affect Your Website

24 May How Europe’s New GDPR Could Affect Your Website

 

Do you get any website traffic from the EU?

If the answer is yes (hint: it probably is), then you should be aware that Europe’s new sweeping data privacy laws, GDPR, will affect you.

 

What is GDPR?

GDPR stands for General Data Protection Regulation. It’s a data privacy and protection regulation slated to officially begin on May 25, 2018.

Data protection in Europe is getting a major upgrade and is the biggest legal change in the Internet age

It’s a legislation which focusses on the way in which private data belonging to EU citizens is collected, stored and distributed. Everyone is required to take action before the given date — this applies to all companies across the world who appeal or work with EU citizens. It doesn’t matter where you are located in the world, if you’re dealing with EU citizens, you need to comply to GDPR.

 

Why has it been introduced?

GDPR focusses on giving control back to consumers. It’s important for people to have more control over their personal data, and to know exactly how companies are using that data IF they’ve allowed a business to use or store their private data.

 

What If you business does not comply?

Organisations that fail to comply with the regulation requirements could be slapped with administrative fines up to €20 million, or in the case of an undertaking, up to 4 percent of the total worldwide annual turnover of the preceding financial year, whichever is higher.

The laws do not stop at European boundaries, however, with those in the rest of the world, including Australia, bound by the GDPR requirements if they have an establishment in the EU, if they offer goods and services in the EU, or if they monitor the behaviour of individuals in the EU.

Who is affected by the GDPR?

The GDPR affects anyone with a website that stores/processes/tracks “personal data.” This often happens automatically through different services—we’ll get to that soon. The GDPR understands personal data as (among other things):

  • First name and last name
  • Address
  • Email address
  • Birthdays
  • Bank accounts
  • Location data
  • IP addresses
  • Cookie ID

This definition means that virtually all website owners and shop owners have to review their site and adapt it, where necessary.

A website is affected by the GDPR if:

  • IP addresses of website visitors are transmitted/stored
  • There’s a comment function where you can input an email address
  • User registrations
  • Visitors can comment
  • There’s a contact form
  • There’s a subscription or a newsletter subscription
  • The behavior of visitors is analyzed through tracking and cookies
  • Security tools and Plugins
  • It uses social media plugins that don’t offer a two-click solution to limit tracking

 

How can I ensure that my website contact forms will be compliant?

  • Checkboxes need to be defaulted to “no” & users can’t be forced to opt-out with pre-selected tick-boxes.
  • Different options and terms and conditions need to be clear and separated accordingly.
  • Users need to be able to provide separate consent for different methods of communication such as email, post, telephone etc.
  • Make sure it is as easy to withdraw consent as much as it is easy to sign up.

 

gdpr

The website GDPR compliance checklist:

1. The GDPR Opt-In

The single most important aspect of all this is the GDPR opt-in. Let me be clear on this. An opt-in is under no circumstances the same thing as an opt-out. The EU has said that you must “get their clear consent to process the data.” That means that users have to explicitly say yes, not only have the option to say no.

Here’s an example: you have an online dropshipping business, and maybe you use WooCommerce. When users get to your checkout page, you have a checkbox that reads “[x] Yes, I want to sign up for your amazing email list!”

No problem, right? If you have the box checked by default, you’re at fault. That’s giving them the chance to opt-out. That’s not what the GDPR opt-in rule says. They must say explicitly choose to share their information with you.

 

2. Privacy Policy

Once you have analysed the data that you are gathering, you then need to set this out in a revised privacy policy on your website.

Your privacy policy needs to be written very clearly and cover details about how you are capturing data, where you are storing it, how long you intend to keep it for, how people can view what information you have stored and finally, how they might go about having their data removed from your systems

Don’t just copy and paste someone else’s user policy. It is unlikely to contain the proper information for your site. If appropriate, you might include items like:

  • We do not sell data.
  • We do not share data unless compelled by law.
  • We only ask for personal information if it’s needed to provide a service.

Specifically, you will need to provide detailed instructions in your Privacy Policy explaining each of the following.

  • How to access and download a complete record of any data you have on them
  • The process through which users can fully delete their data from your records (and not simply unsubscribe, etc.) as a part of the ‘right to be forgotten’ laws previously passed in the EU
  • Exactly how you will inform users of data breaches if they ever happen
  • Detailed explanations of who you are, what you use the data for, who has access to it, and how long you retain it

It is now more important than ever to have a Privacy Policy in place. It was pretty important before because Google wanted you to have one. And that importance has just skyrocketed.

 

3. Website Forms

Forms on your website must no longer include pre-ticked boxes. This is considered implied consent and not freely given.

Users should be able to provide separate consent for different types of processing. For example, an option to be contacted by post, email, or telephone as three separate tick boxes.

If you are asking for permission to past details onto a third party – again, you need another tick box. If you are collecting data through one website on behalf of several third-parties, then you need to clearly give an opt-in option for each party.

  • No pre-ticked boxes to automatically sign the enquirer up to a newsletter.

 

4. Encrypt data with an SSL certificate

Privacy is the number one priority as part of GDPR. People want to be safe in what information they provide and, how they provide it.

A Single Socket Layer, or SSL certificate is a small file that digitally binds a cryptographic key to an organisations details. When you have one as part of your website, it activates the ‘padlock’ symbol that you see in web browsers. It provides you with that https:// in your address bar – making all of your content secure between servers, it increases your Google search engine optimisation (SEO) rankings which is a bonus and builds/enhances customer trust, resulting in improved conversion rates – especially within e-commerce websites.

 

SSL

 

5. Clean up your mailing lists

It must be a simple process to remove a user’s consent as it was to grant it, and individuals always need to know they have the right to withdraw their consent.

In terms of your web user experience, this means providing a way of unsubscribing on your email marketing and providing a link via your website also – this may be best placed in your website’s privacy policy.

 

6. IP Tracking

There are many software providers that will give you a tracking code to embed on your site, so that they can they provide you with identifiable details of your visitors. This is different to the anonymous data that can be found in Google Analytics. You will need to make sure that any IP tracking you do is also stated in your privacy policy as IP addresses are classed as ‘personal data’. If your website has a blog element to it where users can leave comments or sign up to a news feed, the chances are their IP address is being stored in your websites database and therefore, you need to let people know about this.

 

7. Cookies

As per the 2011 regulation The Privacy and Electronics Communication Regulation, advertising the use of and requiring acceptance of cookies became law. The use of cookies should also be outlined in your privacy policy and what the information collected will be used for. Users also can opt out of cookie tracking in their browser’s privacy settings. It is worth giving the user this advice.

If you are using third-party plugins such as Google Analytics to capture autonomous data, then you still need to make your users aware of this via your privacy policy.

You must obtain clear, specific consent from users to place cookies and track them. This could be handled by a popup on a user’s first visit that allows users to consent to or decline cookie use. To comply, you cannot have a default answer (such as accept) but must require the user to pick an option. If the user doesn’t explicitly consent, you can’t place cookies on their browser.

 

8. Plugins

Many Plugins make use of user data. It’s important that you review which plugins make use of your user data and what they do with it, because plugins must also comply with GDPR. Many plugins, for example, make use of cookies. Such use must be listed in your privacy policy and must be subject to user consent.

Helpful plugins are also beginning to appear in the WordPress plugin section.

 

9. Re-Marketing

This works by using cookies to track your activity online. You will specifically need to outline in your privacy policy that cookies are being used in this way if your website takes part in this type of activity.

 

10. Online Payments

If you are an e-commerce business, you are likely to be using a payment gateway for financial transactions – PayPal, Stripe, SagePay etc.

Your own website may be collecting personal data before passing these details onto the payment gateway. If this is the case, you will most certainly require an SSL certificate to make sure this information is properly encrypted.

If your website is then storing these personal details after the information has been passed along then you will need to modify your privacy policy and web processes to remove any personal information after a reasonable period, for example, 90 days.

The GDPR legislation is not explicit about the number of days, it is your own judgement as to what can be defended as reasonable and necessary. You simply need to be prepared to provide the details you have to an individual who asks for it and, remove the data if an individual asks you to.

 

11. Live Chats

If you have a live chat service on your website, you need to make sure that you refer to this third-party service in your cookie policy and privacy policy and that you review their GDPR/Privacy Shield policy. You may think the data isn’t being stored anywhere, but it is – very often the transcript of the chat is emailed to both parties once completed. 

 

Recap

 

The GDPR says that your privacy information must be ‘concise, transparent, intelligible and easily accessible; written in clear and plain language – particularly if addressed to a child; and free of charge.’

It would be wise to revisit your existing privacy policy. The key point here is the language that is used is simple and easy to understand, as jargon will not be acceptable under the GDPR rules.

Make yourself aware of where data on your website is coming from, where it is being stored and how it is being processed.

Give everyone the choice to opt into any data, give them the ability to opt out and view/have their data removed from your systems easily.

Encrypt your website with an SSL certificate which not only brings confidence to your users, but also helps to boost your rank in search engines.

If you have any questions or would like to discuss how your website is effected feel free to Contact us. 

 

Disclaimer

These are our recommendations and suggestions based on the research that we have undertaken. In order to ensure full compliance, we would advise that you seek legal advice and take the time to conduct some further reading on the subject yourself.