How To Make Your Squarespace Website GDPR Compliant


*Disclaimer*

Any information found on this blog post has been researched and sourced online. Becoming GDPR compliant is solely your responsibility and we do not accept any liability for any action you have taken as a result of reading this blog post. We always recommend consulting a legal professional to make sure you are GDPR compliant.

Ok, so you’re probably sick of hearing about GDPR, but the truth is, ignoring it won’t make it go away, and in reality it’s nothing to be worried about! Although the GDPR deadline has been and gone, many of you have probably yet to make all the necessary changes to ensure you are GDPR compliant.

So, in this post we’re going to discuss some of the changes you may need to make to your website, specifically websites built on Squarespace, to ensure you are compliant with the new GDPR regulations.

1. Get Consent!

You can no longer automatically opt people in to receive your emails, or sign them up for a loyalty card, unless they give their FULL consent. This means no pre-ticked boxes or any other method of consent by default. The new regulation also states to “Avoid making consent a precondition of a service”. This means you can no longer make signing up or providing an email address a condition to receive some sort of ‘freebie’ - annoying, we know. So, some changes you may want to consider making are:

  • Enable double opt-in: If your website is built on Squarespace, chances are you are currently using the Squarespace newsletter and form blocks. In order to be fully compliant with GDPR, we would strongly recommend that, if you are using these Squarespace blocks, you enable “double opt-in” on Mailchimp or whatever service you are using. This means that when visitors enter their email address into your website, they will receive another email asking them to confirm their email.

Alternatively, you could opt for the Mailchimp GDPR-enabled sign-up form instead, which has the correct, GDPR compliant language for the required permission, data transfer and the consent checkbox. However, we would always recommend having “double opt-in” on, just to be on the safe side.

  • Remove any automatic Mailing List subscription at checkout:

Make sure that you uncheck ‘Check Subscribe by default’ on the Squarespace checkout page as this is now against all rules of GDPR! Visitors will still be able to subscribe to your mailing list, they will just have to actively do so. Squarespace will allow you to add text next to the checkbox, where you should state that if they choose to subscribe they can unsubscribe at any time. Also be sure to link your Privacy Policy (which you probably would have had to update prior to the GDPR deadline).

  • Gain ‘re-consent’ from those already subscribed to your mailing list:

You are not required to get ALL of your subscribers to re-consent, despite how many people believe this is necessary. What you do need to do is analyse whether or not those subscribed have subscribed in a GDPR compliant way. So, if you have had double opt-in on this whole time, or haven’t gained subscribers without their full consent and them actively ticking the subscribe box, then you’re probably OK. However, if you’re not 100% positive every name on your mailing list has been obtained in a way that is compliant with the new regulations, you are required to ask for re-consent.

2. Conduct a personal data audit

Secondly, in order to make your Squarespace website GDPR compliant you may need to look for areas of your website where you are collecting people's personal data. (Be aware that the GDPR definition of “personal data” is: “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”.) Some questions to consider are:

  • Do you collect personal data on your website using any third party services such as Google Analytics and Google Drive? If you do, you should check the privacy policies of these services.

  • Do you download or export data from your website into another system? Again, if this is the case you need to read the system's privacy policy.

  • Do you combine the personal data you collect with other sources of data?

  • Are you gathering information you don’t need? You should not be gathering or holding any information you do not need. If you are, get rid of it.

3. Create (or update) your privacy policy

This may be a step that you have already done, but if you haven’t, it’s best to get this done asap. Once you have identified your data collection activities, you should have a clear statement on your website which explains:

  • What information you collect, e.g. you can include the list of cookies your site uses.

  • Why you collect such information

  • Who you share this information with, if anybody.

  • Any other information required under GDPR (Check the ICO website for help and advice on exactly what you need to do. There is also a self-assessment checklist which will help evaluate your situation and make you aware of any pitfalls in your Privacy Policy and Data Collection Policy)

If you need any guidance on GDPR, it’s best to consult with a professional or visit the ICO website - https://ico.org.uk/.

If you need guidance on building your Squarespace website, we offer Website management and Creation at Sassy Digital and exclusively use Squarespace to build beautiful, functional websites branded to your business identity.

Visit http://www.sassydigital.co.uk/websitedesign or get in touch for more information! - info@sassydigital.co.uk
