Consent is a key part of GDPR legislation and it is important for any website that collects personal data to obtain specific permission to use it in the course of their business.
Visitors to your website must understand exactly how you are planning on using their data and must agree to each specific purpose.
Implied consent is no longer sufficient. Consent must be given through a clear affirmative action, such as clicking an opt-in box or choosing settings or preferences on a settings menu.
‘By using this site, you accept cookies’ messages are no longer sufficient. If there is no genuine and free choice, then there is no valid consent. You must make it possible to either accept or reject cookies.
Privacy notice and terms and conditions
You will need to update your terms and conditions on your website to reference GDPR terminology. You'll particularly need to make it clear what you intend to do with the information once you’ve received it, and how long you'll retain this information both on your website and elsewhere. You'll also need to communicate how and why you're collecting data.
Secure Website (SSL)
If your website does not have an SSL certificate, browsers will flag it to visitors as unsafe. This warning is a browser feature that aims to protect users and keep personal data safe and secure.
Having an SSL certificate basically means a small green padlock appears at the top of the browser. This tells visitors that the connection to your site is secure and that personal data sent over it is not at risk.
Any website that uses any type of form or asks for information – even a simple contact form or newsletter subscription box – absolutely must have an SSL certificate. The certificate allows the data to be encrypted in transit between the visitor's browser and your website.