The General Data Protection Regulation (GDPR) is closing in! If you have not begun to understand and tackle these new regulations, time is of the essence.
For those who are unaware, the GDPR is a set of rules all European organisations must adhere to in order to keep consumers' personal details safe while online.
Companies and websites will need to ensure that their websites satisfy the GDPR outlines before May 25th, 2018. This includes any organisation that is based outside the EU but has customers from within it (e.g. Facebook).
To help ensure that your #SchoolWebsite meets these regulations, we have created a checklist of actions you will need to take.
 Do you know what data is being captured and held?
Is your website using cookies? Are you using Google Analytics or a Facebook pixel? You will need to know the data that you are capturing - regardless of whether it is collected by yourself or by a third party - and have these methods clearly defined.
- what data is captured
- when it was captured
- what the data is used for
- details of any third-party tool used for data capture
- the process for a user to request their data to be permanently deleted
 Do you know when and where data is being captured?
These details must be divulged to anyone agreeing to your site capturing their data.
 Do you know how long data will be stored for?
 How is the data being used and is it secure?
Understanding your data security is essential if you are to meet GDPR guidelines. You will need to fully understand how the data is being used, where it is stored and how secure the data is.
For example - data captured with an analytics tool:
- is data stored on a third-party platform?
- is this platform secure (and 100% compliant with GDPR)?
- is the data encrypted to GDPR standards?
Another consideration is the security of your own website anywhere data is involved. An SSL certificate is the minimum website requirement needed to protect stored data.
 Have you got full consent to capture and store data?
The next step is to ensure that permission to capture data is explicitly granted.
Site visitors will need to 'opt-in' to grant this permission. This means that any checkbox granting consent on a form must be unchecked by default so that the visitor can actively check and confirm.
There are two key areas where this should be addressed:
If so, you must request that visitors agree to this (most commonly seen on the home page in a pop-up window)
- does your site use forms for contact and enquiries / subscriptions / applications?
If so, you must request that the data captured from these forms is given with consent. A mandatory 'opt-in' option must exist on the form (i.e. the form cannot submit without that option being checked).
 Is your "data officer" contactable?
As part of the GDPR, people have the right to freely request access to their data. To enable this, you will need to have a plan in place for how a person requests this information.
 Is the "Right to be Forgotten" process clear?
Likewise, people have the right to 'opt-out' and have all data pertaining to them removed permanently.
The process for them to do this must be clear to them, and easily actionable from your end.
Interactive Schools take GDPR seriously, and believe this is a great step forward to protect our privacy and digital footprint. If you would like to find out more about how we can help ensure your school website is compliant, please email email@example.com.