With GDPR coming into force in a few days time, here’s a handy checklist to ensure your event website is on the way to GDPR compliance.

1. Have you added a GDPR compliant opt-in to all of your data collection forms (including your newsletter if necessary)?

2. Have you checked that your forms only collect information that is necessary to achieve its aims in line with the visitors expectations of what data you are collecting and how they think you will use it? An example of this is the collection of the IP address. Most off-the-shelf form managers automatically record the IP address of the user who submitted the form. Under GDPR, you’ll need to prove a legal basis for collecting the IP address as it is now considered to be personal data. It’s best to not collect it without the knowledge of the visitor.

3. Is you website secure? Does it use HTTPS to encrypt any data that is entered by the visitor?

4. Do you collect marketing data through cookies? We’re talking Adwords, Facebook pixels and the like that are used to build audiences to remarket to? If so, you will need a GDPR compliant opt-in to be able to carry on using these scripts.

5. Data deletion. If your website is not your primary data source, if you export the data to use elsewhere in a CRM or newsletter suite, you’ll need to ensure that the data collected in the website is deleted at timely intervals in order to limit the impact in the event of a website security breach. Along with a security breach the other big issue is the multiple instances of data and managing the consumers right to be forgotten, might be worth suggesting that best practise would be deleting the data once exported and uploaded and outlining this process in their data plan? Most mail systems will have a fail safe around re-importing an email address that has unsubscribed but they may well upload to a different list.

6. How secure is your CMS? If you CMS is not regularly updated, you’ll need to assess how vulnerable it is to being hacked, and take the necessary measures to ensure that it is brought up to data in a timely manner. How timely this is depends on how old your site is. As a yardstick, if your website is over 3 years old, you’ll need to talk to your developers about a re-build in the current version of the CMS. The supported lifetime of most CMSs is around 2 to 3 years from release.

7. Are your logins secure? This is usually the easiest way for a hacker to gain access to your website data, insecure passwords. Ensure everyone is using a secure password. Here’s a handy guide on doing that.

If you have any worries about your event website being GDPR compliant, please get in touch for an informal chat.