Website design & hosting | 07769 900262

Email marketing and GDPR

Many of our web design and hosting clients also have email newsletter lists, and have been asking us what they need to do, to ensure their lists and email marketing is fully GDPR compliant.

Whilst we can’t offer legal advice, we can offer some advice and point you towards some really helpful and easy-to-understand resources that we have found.

The first thing to be aware of is that email marketing is not only affected by the forthcoming General Data Protection Regulation (GDPR), but you should also be aware of the PECR (Privacy and Electronic Communications Regulations). PECR also has a new version is on its way, but unlike GDPR, the rules aren’t finished, and so it’s replacement, the upcoming ePrivacy Regulation, is still in draft. – See more at: https://ico.org.uk/for-organisations/guide-to-pecr/what-are-pecr/

For now though the most common questions we get are

  • Is my email list GDPR compliant?
  • Do I need to gain re-consent?
  • They’ve said yes before, surely I don’t have to ask again?

A significant point to remember, is that there are 6 lawful bases for processing under the GDPR and of these, the two that are appropriate for direct marketing activities, either Consent or Legitimate Interests.

 

When do you not have to have consent?

There is an exemption within PECR, rather ambiguously known as the “soft opt-in”, whereby you can send emails without Consent as long as the following conditions are met:

  • You have obtained the contact details in the course of a sale (or negotiations of a sale) of a product or service
  • You are only marketing your own similar products and services
  • You provided a simple opportunity to refuse or opt-out of the marketing, when you first collected the contact details and in every subsequent communication.

This means you may well be able to email your own customers without Consent, but this will not apply to prospective customers or bought-in lists.

 

What do I need to do if I’m not relying on Consent?

Under GDPR, to have consent you will need clear and more granular opt-in methods (so for example, if you want to send newsletter emails and special offer emails, you should ask them to tick two boxes), good records of consent (so for example be able to prove the opted in, what they asked for, what form you used etc,) and simple easy-to-access ways for people to withdraw consent (lucky most email marketing platforms have been including this in the footer of emails for a while now).

 

What are the key changes to make in practice?

You will need to review your consent processes to make sure they are specific, granular, clear, prominent, optin, documented and easily withdrawn.

The key new points are as follows:

  • Unbundled: consent requests must be separate from other terms and conditions. Consent should not be a precondition of signing up to a service unless necessary for that service.
  • Active opt-in: use unticked boxes (pre-ticked opt-in boxes are invalid) or similar active opt-in methods (such as a choice of two buttons).
  • Granular: give granular options to consent separately wherever appropriate (so not “email newsletters, text offers and postal vouchers”)
  • Named: name your organisation and any third parties who will be relying on consent
  • Documented: keep records to demonstrate what the individual has consented to, including what they were told, and when and how they consented

How do I ask for re-consent?

Given the likelihood that your existing list was not obtained in a fully GDPR compliant manner, you will need to as for re-consent, prior to 25th May (after which, legally you should not email them, as you don’t have compliant consent).

If you have a small/medium-sized list, the easiest way is to email them, and ask them to confirm they wish to continue to receive marketing emails from you (you will probably of had numerous such emails from shops and other businesses yourself asking this recently). This email must be GDPR compliant (e.g. include unticked boxes/s, be granular if necessary, say what you do with their details, and include a link to your Privacy Policy).

There is no free/easy way to automate this, so for a small/medium list (under 300), I suggest you create a new blank list (or group within your list), send a compliant email with two buttons (one saying I do consent and one saying I don’t consent), and they buttone email you an email with a pre-formatted subject. The recipient just needs to click the button, and then hit send on the email. For each email you receive, you will then move them to the new list (or new group), keeping the email as proof of consent. This Facebook video shows how this works in MailChimp.

Up to 25th May you can send a few more emails to those who have not replied, and after 25th May just use the new list/group.

You will have  high percentage of people who do not re-consent (or just ignore you) … that’s fine, they don’t want to hear from you, so don’t waste any more time worrying about them … this is the perfect opportunity to ‘clean’ your list!

Is you have a large list (over 200 or 300), this method is likely to be too time-consuming.

You have a few options, which you can see here

The easiest of which is to buy a re-consent service, this is one I am aware of  – reconsent.co.uk/
This won’t do everything for you, but for £230-£250, they will set up everything you need as well as a comprehensive guide to implementing.

 

More information

If you use MailChimp (or other email marketing systems), we highly recommend you join the ‘MailChimp and GDPR‘ Facebook group, run by MailChimp expert Robin Adams. This group has lots of ideas and suggestions, and you can even ask Robin email marketing questions directly.

GDPR has been on its way for about two years, and although many businesses still aren’t’ sure what they need to do, it not something to be worried about.

It’s good news for consumers (as we’re all consumers aren’t we!), and once you have the systems in place and a clear understanding of what is required it is actually beneficial … even if just to encourage you to clean that ageing email list you’ve been meaning to do for a while!

 

 

Your website … and the dreaded GDPR ;-)

You may be fully aware of the new EU regulation, and confident that you’ll be compliant by 25th May, in which case that’s great! On the other hand, like thousands of small businesses, charities and organisations in the UK, you may not be quite there yet (or even thought about it).

Whilst we can’t offer legal advice, we can help you to meet the GDPR requirements around your website, and point you towards some really helpful and easy-to-read resources.

For all our own hosting clients, we are happy to update/replace your Privacy Policy and/or Cookies Policy, and make minor changes to your copy free of charge … if you’ve not yet done this, then please get in touch today.
The GDPR requirements mean that most website owners will need to make some changes (such as replace their Privacy Notice, update some copy and possibly revise their newsletter sign-up process) … and anything more significant we will always advise clients of any costs in advance.

If you don’t have GDPR-compliant polices and would like this, along with plain-English, actionable legal advice, please see the ‘GDPR Pack’ information below.

Remember: your organisation is responsible for ensuring its own legal compliance, so it’s up to you decide what needs changing and to provide the relevant information (copy, policy etc). Whilst IJL Web Solutions can’t provide legal advice, we do highly recommend the GDPR Pack below.

GDPR Compliance Pack

Many trade organisations are providing practical advice to those in their industry, but there are many small businesses, charities and organisations who still don’t know where to turn for help.
We can than thoroughly recommend this GDPR Pack, which includes pretty-much everything you’ll need (the checklist, suggested email re-subscription wording, Privacy Policy, cookie policy, etc).

The pack contains instant access to:

  • Email for refreshing consent
  • GDPR compliant privacy policy
  • GDPR checklist inc processing checklist
  • Data processing inventory
  • Legitimate Interests Assessment form
  • Data transfer checklist
  • Marketing checklist
  • Records retention policy
  • DPO checklist
  • Employer checklist
  • Employee privacy statement
  • Employee subject access request form
  • Response to employee subject access request
  • Processor agreement
  • Subject access record
  • Data breach record
  • Data breach checklist
  • DPIA form

The pack costs £197 via this link, and gives you instant access.

These are written by Suzanne Dibble, who is a multi-award winning business lawyer who consults with multi-nationals on data protection law and the upcoming GDPR. She is one of the few lawyers who really understands small business owners and puts law and regulation in the context of your business. There has been a lot of scaremongering and hype about GDPR (with the headline fines of €20m) and Suzanne brings a practical, balanced approach.

Suzanne has also recorded a number of ‘plain English’ Facebook videos around GDPR compliance which you can see

Free GDPR Guidance Videos

This page here lists all of Suzanne’s GDPR videos so feel free to browse them. They include many relevant topics, such as:

 

This is the information IJL Web Solutions are using to ensure we meet the compliance requirements of GDPR, and we can personally highly recommend them.

We truly hopefully this information has helped you to relax and worry a little less about GDPR compliance!

 

Please note: the GDPR Pack link is an affiliate link from which we earn a small fee, you can of course order direct if you wish, but the cost/support/product is exactly the same to you.

Is your website secure and are your plugins updated?

When managed effectively, WordPress is a fantastic tool and is well protected, but there are certain measures that any website owner must take to ensure their website and plugins remain secure.

In addition to the vital WordPress updates, you also need to be vigilant with the plugins which your website uses, and ensure they are also monitored and updated, as the recent incident we discuss below highlights.

Plugins need to be updatedNot confident in managing the security of your WordPress website and plugins yourself?
IJL Web Solutions offer a monthly plugins/security service as part of which we ensure that the WordPress, theme and all plugins are kept up to date. During this we first back-up the site to a remote location, perform the required updates and then test. If anything fails we restore the back up and discuss with you, to decide how to proceed. Often this will include replacing the plugin with an alternative (when one is delisted or no longer kept up to date). This provides peace-of-mind, ensures that you have the reassurance that all updates are checked and updated regularly. For more details please contact us.

A recent article from Wordfence, highlights a great example of where our plugins/security service would have been invaluable. Issues like this are picked up with our service, but can be missed by yourself.

 

“If you have a plugin called “Display Widgets” on your WordPress website, remove it immediately. The last three releases of the plugin have contained code that allows the author to publish any content on your site. It is a backdoor. The authors of this plugin have been using the backdoor to publish spam content to sites running their plugin.”

“This company and the individuals behind it appear to be responsible for injecting malicious code into a plugin used by over 200,000 websites.”

 

The WordFence blog covers article gives the full detail:
www.wordfence.com/blog/2017/09/display-widgets-malware/

XSS Vulnerability found in Product Vendors Plugin for WooCommerce

Do you use the ‘Product Vendors’ Plugin for WooCommerce on your website?

Important information of an  XSS Vulnerability found today

A reflected cross site scripting vulnerability has been reported in a premium WordPress plugin for WooCommerce called the ‘Product Vendors‘ plugin, which is used by nearly 30% of all online WooCommerce onl;ine shopping sites.

This affects Product Vendors version 2.0.35.

Website security

If you are using this plugin, you need to upgrade immediately to at least version 2.0.36, which includes the fix. The current version of Product Vendors is 2.0.40.

For more information and to keep informed of current web security issues, we highly recommend following the Wordfence website and blog

Support available whenever you need it – 24/7

Do you have access to 24/7 support, 365 days a year?

Easy access to a knowledgable help service, who talk in plain English?

IJL Web Solutions provide personal support, whenever it’s needed

You need the reassurance that you can access technical support whenever you may need it, at IJL Web Solutions provide just that for all our hosting customers.

Help and support

As well as our front end support which our clients can contact directly and which runs seven days a week, we also have direct access to a backend has a team of around 15 server admins with senior server admins specialising in cPanel, Linux, MySQL and security. The server team is online 24/7/365 and we also use a range of comprehensive server monitoring software to ensure the smooth running of all servers at all times.

So for detailed technical support, or just some advice around running your website, you can be rest assured that we are here to help you, whenever you may need us.

How can we support you today?

 

Free SSL/HTTPS encryption for every website we host

Have you heard talk about SSL certificates and how Google are penalising websites which aren’t secure?

Secure green SSL padlock icon shown by Chrome
The ‘secure’ green padlock icon, as shown when using the Chrome browser

Have you noticed the green padlock icon on some websites and not on others?

We offer free SSL encyrption with our shared hosting packages

Back in 2016 Google Chrome announced that it will be marking on-HTTPS websites as ‘insecure’. Anyone using the Chrome browser visiting a website which does not have an SSL certificate will see a red X over the padlock symbol, indicating that the site is not secure.

Green SSL 'secure' padlock in the Firefox browser
The green ‘secure connection’ padlock, as shown when using the Firefox browser

Firefox has also floowed suite and now willshow a green ‘secure’ padlock simbol only if the website has encryption in place and is delivering content via https

With search engines and browsers now pushing for SSL/HTTPS on all websites, all website ownersshould be updating existing sites and ensuring all new sites are built with SSL/HTTPS in place.

A major stumbling block so far has been the cost of buying SSLs and the limitations of installing SSLs on shared IPs. However, we are offering a free solution to all our shred hosting ciustomers , with a free SSL certificate issued via “Let’s Encrypt”.

Enable https for your website or to find out more

Getting started with Let’s Encrypt

Using free Let’s Encrypt SSLs could not be easier:

  1. Sign up to our Web Hosting
  2. Configure your site to use SSL/HTTPS (we can help)
  3. DONE! You are now running over SSL/HTTPS

read the full article …

WordPress Backups are critical – so who does yours?

Cloud WordPress backupsIf your WordPress site is compromised or your server fails, having access to a recent WordPress backups can make your life considerably easier. The fastest way to recover from a hacked website is to restore the latest version of the site that existed prior to the hack. You will still need to close the security hole the attacker used to compromise your site after your site is back up and running, but at least you’ll have your site back to working order in hours or even minutes.

 

How often should you back up your site?

The frequency with which you should back up your WordPress site should be determined primarily by how often your content changes. Sites that change infrequently may be able to get by with weekly WordPress backups. Sites with constant updates, like new users, blog posts and comments may need to be backed up hourly. Many websites will be somewhere in between.

 

How should I manage my WordPress backups?

The easiest way to manage your WordPress backups is via a plugin that meets your needs. There are a wide variety of options available, and depending on the cost and settings, some can perform regular automated backups. Backup location is also vital to consider – most solutions allow you to store your back-up in various locations, but it is crucial that this is carefully considered. Backing up up to a folder where your website is can be futile if your server crashes, and backing up to your laptop is pointless if your hard-drive fails. Its critical that backups are stored in a location separate physically and geographically from your website.

Contact us about our WordPress plugins/security service

 

read the full article …

Is your router is vulnerable to being used to hack WordPress websites?

Its been revealed that over 6% of all attacks on WordPress sites come from hacked home routers.

In one month alone, over 57,000 unique home routers we used to attack WordPress sites.

Those home networks are now being explored by hackers who have full access to them via the hacked home router. They can access workstations, mobile devices, wifi cameras and any other devices that use the home WiFi network.

Luckily the fabulous guys at Wordfence have provided an easy-to-use online tool, which can quickly check if the router you are using is vulnerable to this vulnerability.

For full details, a link to the tool and details of what to do if you do find you are are vulnerable follow this link: Wordfence Router Check

At IJL Web Solutions we take security seriously, and Wordfence is just one of the tools we use to help secure our clients websites, data and information. If you’d like more information on this, or we can help in any way regarding website development or management, please don’t hesitate to contact us … we love to talk!

23 Ecommerce ‘Landing Page’ ideas to help increase sales

Are you reaching your potential when it comes to converting your ecommerce visitors?

According to a recent Deloitte study, on average 54% of visitors abandon their shopping carts.

According to Marketo, approximately 96% of visitors are not ready to buy when arriving at your ecommerce landing page.

With those odds stacked against you, are you doing as much as you can to seal the deal?

By 2018, Ecommerce sales are expected to grow to more than $400 billion. Wanna claim your piece of the growing pie?

Check out these 23 ecommerce landing page ideas from Klient Boost that you can try out for yourself … read the full article here

Achieving conversions is critical for all e-commerce stores – but some of the obvious solutions are easily forgotten

All online retailers know that converting browsers to buyers is critical, as there are often hundreds of other online stores out there who are competingy for those sales.

Getting customers to visit your store is a huge part of online selling, but making sure that your potential customers actually completes the ordering process and goes through to completeing the payment is vital for true e-commerce success. The success of tunring visitors into shoppers is called ‘conversion’ and your conversion rate is vital.

The guys at Ready Cloud wrote a fantastic article reminding us of some of the many tips for maximising conversion rates. Some of these are new ideas and many are obvious, but sometimes we all need reminding!

Some of the fantastic suggestions include:

  • Offering cheap (or even free) shipping
  • Fine-tuning your ‘Unique Selling Point’ (USP)
  • Offering mutliple, secure Checkout options
  • Making the checkout process take as few clicks as possible
  • Throw a lifeline to customers who have abandoned the checkout without paying
  • Feature ‘live-chat’ support
  • Using the highest quality photos, and showing multiple different viewpoints and angles
  • Providing clear and detailed delivery & returns information
  • Present lots of genuine customer reviews to help bild confidence
  • Include product videos

This fascinating article is well worth a read for anyone who sells online.

Read the full article on the Ready Cloud website