GDPR - Your Compliance
Based on our interpretation of GDPR, we strongly suggest you look at:
Statements and information provided across our website about GDPR are based on our interpretation of the legislation. They are not legal advice. For concrete legal advice, you may wish to talk to a solicitor.
Areas We Recommend you Review
Everyone who uses your site has a right to know what data you're collecting about them and how you use it. Even if you're not collecting names or email addresses via a form, if you have any tracking tools on your website (for example, Google Analytics) then you are collecting data.
We strongly recommend all clients read our
Are you collecting contact information in order to send marketing materials?
Consent fields should be unticked by default, allowing users to opt in should they wish.
In the case of texts, emails, post or calls, the user should be able to give specific consent to receive marketing by each of those means.
As well as collecting consent for marketing materials, you should also have a record of when the person gave you permission. If you use a Toolkit Contact form, the data will be stored in the Enquiries Module of The Toolkit and you'll have received an email notification when the form was submitted.
4 Must Do's When Collecting Data
Request the consent of all customers/potential customers before you collect any of their information. These requests must be in easily understandable language free of legal jargon and must also be obtained separately (tick box is recommended) from other matters and not be hidden in other text.
Provide users with a way to withdraw from your future correspondence and have all data on them purged from your systems. All users have a "Right to Be Forgotten" under the new rules.
Read More about Consent here
Secure Sockets Layer (SSL)
Client data passed through your website must be protected to avoid it falling into the wrong hands. Is your website SSL Secure?
If it isn't, you can encrypt connections to your website with an SSL certificate, which in turn improves your Google ranking and removes any 'insecure' warnings your clients will see in both search engines and browsers.
Secure Sockets Layer services give websites the padlock icon in the top corner of a browser's URL bar, which identifies sites with secure connections. SSL is a technology used for establishing encrypted links between servers and browsers, so it provides end users with a far more secure experience and protects their data in transit from outside parties.
Bespoke websites require bespoke security solutions, so we've invested in an SSL certificate solution that will protect the data of all our websites' end users.
About Our Systems and Protocols
The Toolkit is an encrypted, password-protected Content Management System that only you and any other users on your account have access to. This is where the form submissions through your website are safely stored (provided you're using Toolkit Forms and not 3rd Party Forms).
Login Details for The Toolkit are only sent to Authorised Users on accounts.
Any changes to your Account, Toolkit or website in general are only actioned when the request is emailed to us or directly actioned from an Authorised User's email request.
Toolkit Email Service
We do not store any mailbox passwords.
The resetting of passwords is handled completely via automated texts, so our team don't even see your password when you reset it.
Please do not send us your mailbox passwords. We can access your mailboxes in emergency circumstances through our Webmaster system; however, doing so automatically alerts our customers and management team via email. No passwords are stored or seen during this process.
Toolkit Webmail uses SSL encryption to send emails and we recommend all our clients use SSL connections when configuring email addresses on phones, tablets or Mail Clients such as Outlook, Thunderbird, Live Mail etc.
You are responsible for (but not limited to):
The client data your website collects
The content on your website (including any form disclaimers)
The persons who have access to The Toolkit and subsequently your account with us
How your client data is stored and managed
How your mailing lists and contact lists are collected, stored and used
We are happy to answer any GDPR-based questions that are not already listed on our FAQs page, so if there is anything you're unsure of, please don't hesitate to get in touch.
If you take any personal data through your site, you should have an
You previously only needed SSL if you were taking sensitive information, like payment details, but with GDPR changes, it's now believed to be required for all data, including basic form information such as name, email and phone.
Back in October 2017, Google Chrome also introduced a Not Secure banner for any site with a contact form but without SSL.
You can read more about that here
To avoid your customers getting a warning and to be GDPR compliant, upgrade to
Website & Email Access
Who is able to log in to your Toolkit account? Who can make changes to your website, contact forms, client enquiries, user permissions etc? Review your existing protocols, staff access, email accounts and general permissions so you can be confident authorisation is only provided to the right people.
Customer data is stored within The Toolkit and your business email accounts so it's crucial you know just who has access and how it is viewed.