Some helpful information regarding GDPR

You may have heard about GDPR - the new law affecting all EU citizens. This law potentially affects everyone with a website as any visitor who may be in the EU is protected by the law. This means your website should be GDPR compliant - if only for your EU visitors.

Whilst this isn't legal advice and by no means covers the full extent of the GDPR rules, we've compiled a few pointers below.

We've also updated our CMS platform that powers your website to include some helpful new features.

1. Privacy policy

You should update your privacy policy. Here is a good checklist that covers the basic requirements: https://www.marketingcollege.com/insight/gdpr-privacy-policies

2. Deleting user data

Users may request to 'be forgotten'. If this happens you can use the tools under Website Settings > Delete individual user data to easily remove all data from the database for a single user.

3. Double opt-in for mailing lists

If you use our mailing list feature, new subscribers will be required to click a link in their email to confirm they're the owner of the email address entered into the subscribe form. By default this is a simple plain-text email. However, if you create a new autoresponder and attach it to the mailing list, you can customise this email. If you click 'Help' after logging into the CMS, then search for 'autoresponder', you can see more information on this process.

4. Repermissioning your mailing lists

To send email to a mailing list for marketing purposes you must have a legal basis for doing so. 'Consent' is one form of legal basis. If you do not have affirmative and documented consent for each user on your list, you will need to get that consent or delete the user from your list. This process is called repermissioning your list, and we have added new tools to make this easy. Search for 'repermission' after clicking Help from the welcome screen of your CMS to learn how to do this.

The exception to the above is if you are using 'legitimate interest' as your legal basis for processing their email address. This will apply if you obtained the user's email as part of a sale or exchange of some sort and you are only emailing them about similar products or services that you offer.

5. Third party embedded tools

If you have Google Analytics installed on your website you should check that you are not using it to track user-identifiable data. This means you should update your Google Analytics tracking code so that it does not send IP addresses to Google, and make sure User ID is disabled. More information here: http://www.blastam.com/blog/5-actionable-steps-gdpr-compliance-google-analytics

As part of our ongoing support for our customers we will be doing this automatically, free of charge.

You should also check if you have embedded third party widgets like Google Maps or YouTube videos, as these allow those providers to see data about your visitors for profiling and marketing. You should consider using our new 'consent' embed widgets to embed these kinds of plugins and request consent from your users before showing the widgets. Search 'consent' in your help system for more information. Please note, not all sites will have received this new feature automatically.
