GDPR, COOKIES & PRIVACY TOOLS
GDPR & Privacy Tools and Solutions for School Websites. Our school website builder platform offers great tools to allow your website users to easily manage their personal data. These tools, in turn, helps you to create a GDPR compliant school website your users can trust.
We take data protection and privacy very seriously. We are registered with the ICO under the Data Protection Act and encourage all of our users to ensure their school website complies with any laws and regulations applicable to them. In this guide, we will look at ways you can make your website GDPR compliant.
ABOUT THIS GUIDE
GDPR came into effect on 25th May 2018. Schools that must comply with the regulations should already have a data protection officer overseeing their school's compliance. This guide is intended to help you understand what GDPR is and discuss ways you can make your school website compliant.
Disclaimer:
Please note that the information contained in this site is not legal advice and you should not rely upon it as such. We recommend that you consult with your schools DPO and a legal representative for additional steps you need to follow.
WHAT IS GDPR?
GDPR stands for The General Data Protection Regulation, a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). GDPR gives people more control over how their personal data is used. Organisations who collect personal data have to be transparent about the information the collect, what they do with it and how they use it. Although the regulation was passed in the EU, organisations anywhere in the world will have to comply with the regulation if they collect personal data of EU citizens.
Does if affect my website?
If your website collects any personal data of EU citizens then it must be GDPR compliant. Failure to comply could result in penalties and fines.
Outside of The EU?
If your school and operations fall outside of the EU and EEA then it’s worth checking with your local authority to see if there are any data regulations your website must meet. For example, The California Consumer Privacy Act (CCPA) which is a state-wide data privacy law intended to enhance privacy rights and consumer protection for residents of California, United States.
WHAT IS PERSONAL DATA?
Personal data is any data that can be used to identify or potentially identify a person. Your site may collect personal data in a variety of ways like forms, memberships, purchase, analytics etc.
Some examples of personal data are
- a name and surname;
- a home address;
- an email address
- an identification card number;
- location data;
- an IP address;
- a cookie ID;
Top Tip
If your website collects any personal data be sure to provide your users' with access to your Privacy Policy, so they know exactly how their data will be used, and get their consent.
HOW CAN I MAKE MY SITE GDPR COMPLIANT?
There are several areas you need to address to make your school website GDPR compliant. The good place to start is to create a privacy policy. A privacy policy should tell users in a clear way what personal data your website will collect, what your school will do with it and how it will be used. You must always get consent from a user to collect or use their personal data and provide a way for users to request to access their personal data and an option to delete their personal data. We have created tools to help you attain user consents and for you to handle personal data requests in your website.
GDPR Resources
There are some great resources and services to help you achieve GDPR compliance. Below are links to sites that will help you create your Privacy Policy.
CREATE A PRIVACY POLICY
A privacy policy is a statement or legal document that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data. It’s important that your privacy policy is clear and easy to understand.
Your Privacy Policy should include, but is not limited to:
- Contact details for your school and DPO
- Information on how uses can request and delete their data
- The types of information collected by your school website.
- The purpose of collecting the data.
- How you protect their data (SSL, data storage)
- Third-party services used in data collection (like Google Analytics, My School Design)
- Use of cookies
Third Party Services
Be sure to include details of any third party services that you use to collect personal data with links to their privacy policy. Any third service you use must also be GDPR compliant.
For example, if you use our school website builder, you will need to list My School Design as a third party service and include a link to our privacy policy and details of what services we provide.
PERSONAL DATA REQUESTS
It’s very important to provide users with a simple way for them to access and manage their personal data. In your privacy policy, you must explain how they can request a copy of their data that is stored via your website and how they can delete their data. We also suggest adding a form where users can request a copy of their data or remove all of their data (see our data request form here). This form can be added to your Privacy Policy or a separate page. Be sure to add a link to the other page in your privacy policy.
Once a user completes this form you will receive a notification and you will be able to request a copy of their data or to remove their data by going into your website settings, selecting Advanced then Request Customer Data and then selecting the relevant option and entering their email address. We will send all the data we have associated with that email address within 72 hours. However, for data deletion, it can take up to 60 days for the complete removal from all of My School Design’s systems and servers.
Third Party Services
Note that these requests will only apply to data that has been processed and collected through your website using our website platform. You will also need to send/delete data for any third party services you use (like email marketing platforms, CRM etc) that store and collect data.
COOKIES
Cookies are small pieces of data stored on the user's computer by the web browser while browsing a website. You need to explain in your Privacy Policy how your website uses cookies and to explain how to remove them.
For instance, My School Design’s platform provides analytics for our users that can be accessed on your website's dashboard. To provide these analytics, we use cookies and sends information regarding visitor's screen, browser, device and visited pages to our servers. If you use our website builder platform you will need to explain this in your Privacy Policy along with any other cookies and third-party cookies your website uses and provide details on how to disable cookies.
Explain that users can disable cookies by going to their browser settings and selecting to disable/block cookies.
Cookies Tool
We have created an easy way for your users to disable/enable My School Design’s cookies.
To include it in your privacy and cookie policy
- Create a link/button and select Popup
- Select the Popup 'Setting to Enable/Disable Visitor Analytics'
COOKIE CONSENT & DISCLAIMER
If your school is based in the EU you will also need to comply with the EU Cookie Law. As mentioned previously, it’s important to give users the option to disable cookies. To make this easier for your users you can turn on the Cookie Disclaimer option by
- Going to your Website Setting,
- Selecting Advanced Settings
- Select to enable the Cookie Disclaimer
You can change the disclaimer text, add button text and link to your Cookie Policy page and change the text for the Accept button on the website.
You can also use a third-party service, like TermsFeed, to create a cookie consent banner on your site. This may be useful if you want to block all cookies until a user accepts them.
Cookie Policy
If your website uses cookies you should create a Cookie Policy to let users know that your website uses cookies, what cookies are, the type of cookies your website uses, why your website uses and details on how to disable cookies. You can add a button here to link to the Cookie enable/disable Popup.
Below are links to resources and service that can help you create a Cookie Policy.
ALWAYS GET CONSENT
It’s paramount to get consent from a user whenever their data is collected. Whether it's consent for cookies, collecting personal data in a form or, marketing/contact preferences.
It is best practice to add a consent checkbox to any forms on your website. These forms could be registration forms, Checkout/payment forms, Email signup forms, Contact forms etc. Adding a checkbox allows the user to choose to accept and agree to your privacy policy. Also, link to your Privacy Policy so users can see exactly what they are agreeing to.
Be sure to always get the users consent when collecting their personal data.
Top Tip
If you use our school website builder you can add consent checkboxes to your forms by
- Selecting Edit Fields
- Clicking + to add a new field
- Select the Accept Terms field
- Click the pencil icon
- Edit the description to include your consent statement and link to your Privacy Policy.
HELP & ADVICE
We hope this guide has helped give you some insight into what GDPR is, the different areas you need to address to make your website compliant and the tools we offer to assist your compliance. As mentioned before, it is best to talk with your schools DPO and seek legal advice to ensure your website is completely GDPR compliant.
If you have any questions please contact us.
Additional Information
Your website may also benefit from having Terms and Conditions. Although terms and conditions are not a legal requirement for your website they are useful in outlining the guidelines of your website.