and your



On 25th May 2018 GDPR rules come into place. To help make your website compliant, we believe there are a number of sensible steps that you should consider now.

If you feel you're not as prepared for the GDPR as you should be there’s no need to panic, we have a number of suggestions to help your website demonstrate an awareness of GDPR. Of course, we are not legal experts but we do recommend that you consider the following actions:

  • Add an updated privacy (GDPR) statement on your website. This should cover how you collect and use/share personal data, and the process a user can follow to request a copy of the data you hold on them, how to change data or use permissions and how they can ask to be removed from your records.
  • In connection with the above, set up an online form or email address to allow people to request a copy of their personal data held by you or request the right to be forgotten.
  • Run your website over https (otherwise known as Secure Sockets Layer – SSL). This means that all data transferred in website forms to the database is encrypted. This also has the advantage of being favoured in Google and also looks better on Chrome browsers that are now starting to flag if a site is not equipped with SSL.
    • An SSL certificate wildcard (3rd party cost annual fee to cover multiple domains, this includes sites under development and microsites on sub domains)
    • A couple of hours of Senior time (one-off) to install, check and update any 3rd party linkages. This fee will be a range depending on how complex your website is
    • If your website is linked with a CRM there may be additional charges from your supplier to also align their system to meet https requirement
  • Conduct an audit and document the areas of the website where you collect personal data and look at how you handle and store this data.
  • Decide how long you should be storing personal data for and delete any obsolete or unused records (you might need Senior to do some work to achieve this.)
  • Add an opt-in checkbox to forms on your website where you collect personal data, explicitly agreeing that you can use and store their details in connection with the normal course of your business or in connection with their enquiry;
    • If it's a form built in River Form Builder you can do these yourselves - feel free to contact us for help on this
    • If it’s a bespoke form (likely if you have an CRM integration) then ask Senior to quote for adding this field

Read the full advice from ICO here.


Many of the options below will be specific to your needs and your website, so please indicate which ones you would like to prioritise and Senior will produce a quote and timescale for you.


Please be aware that we will conduct work on a first come first served basis. Consider these steps as a starting point to your organisation's ongoing commitment to the principles of GDPR. If there is anything else you have been advised to do or to implement please talk to us about this.

As your Data Processor Senior will be issuing to you our revised contracts and terms of business that outline our responsibility to you (the Data Controller) for GDPR.

GDPR and Data Protection