Is the Squarespace Cookie Banner GDPR Compliant?
While I can’t offer legal advice, I am aware that GDPR rules are tighter since last October, and this affects anyone with a website!
So, here are some best practice tips that will help you get started with your GDPR compliance on your Squarespace site.
Remember when GDPR seemed like the biggest challenge businesses would have to face? You could be forgiven for forgetting all about it once the reminders and workshops ended. The anxiety about GDPR was quickly overtaken by more urgent concerns like trading during a global pandemic and Brexit.
And while thinking about GDPR might seem like a quaint throwback to much simpler times, it is still very relevant to businesses. In fact, the Irish Data Protection Commission began enforcing GDPR in October 2020. If your business has a website and you store users’ personal information, you can’t just forget about GDPR. Doing this could mean an audit and possible fines from the Data Protection Commission.
Relying on an in-built Squarespace cookie banner is not enough for GDPR compliance, unfortunately.
Last week, the Squarespace Cookie and Visitor data panel was updated so that you can now add an Opt-Out cookie banner. This will allow visitors to your site to decline Squarespace cookies, in addition to the current functionality that allows them to accept Squarespace cookies. (Go to Settings/Cookies to enable/disable the Squarespace Cookie banner). Unfortunately this does not yet tick all the boxes when it comes to EU GDPR rules.
You can, of course, turn off all Squarespace cookies and have nothing to worry about, but this means you can’t use the Squarespace Analytics function, collect email addresses, or use third-party tracking such as Google Analytics or a Facebook Pixel for re-marketing.
In order to comply, your cookie banner should have the following features:
get opt-in consent from the user
give the user a way to withdraw consent
work with third-party scripts (things like social sharing buttons, analytics and metric scripts)
In other words, unless you have recently added custom code from a GDPR compliance service, you need to take action now to ensure that your website is compliant.
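The three features above, shown in JavaScript as an added example that is not from Squarespace or any vendor mentioned here: third-party scripts stay blocked until the visitor opts in, and withdrawing consent reports which cookies should be deleted. The category names, script names and the loadScript callback are assumptions made for the example.

```javascript
// Added illustration, not Squarespace or vendor code. No DOM dependency, so it runs in Node.
// Category names, script names and the loadScript callback are hypothetical.
class ConsentGate {
  constructor(loadScript, storage = new Map()) {
    this.loadScript = loadScript; // called when a script's category becomes allowed
    this.storage = storage;       // stands in for the visitor's stored consent record
    this.scripts = [];            // { name, category, cookies }
    this.loaded = new Set();
  }

  // Third-party scripts are registered here instead of being embedded in the page.
  register(name, category, cookies = []) {
    this.scripts.push({ name, category, cookies });
    this.apply();
  }

  // Opt-in: a category is blocked until the visitor explicitly grants it.
  isAllowed(category) {
    return this.storage.get(category) === true;
  }

  grant(category) {
    this.storage.set(category, true);
    this.apply();
  }

  // Withdrawal: record the refusal and return the cookies that should now be deleted.
  // A script already running stays active until the next page load.
  withdraw(category) {
    this.storage.set(category, false);
    const affected = this.scripts.filter((s) => s.category === category);
    affected.forEach((s) => this.loaded.delete(s.name));
    return affected.flatMap((s) => s.cookies);
  }

  apply() {
    for (const s of this.scripts) {
      if (this.isAllowed(s.category) && !this.loaded.has(s.name)) {
        this.loaded.add(s.name);
        this.loadScript(s.name);
      }
    }
  }
}

// Constructed usage: two trackers registered before any consent is given.
const injected = [];
const gate = new ConsentGate((name) => injected.push(name));
gate.register('google-analytics', 'analytics', ['_ga']);
gate.register('facebook-pixel', 'marketing', ['_fbp']);
```

At this point nothing has been injected; calling gate.grant('analytics') loads only the analytics script, and gate.withdraw('analytics') returns the cookie names to clear.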
GDPR and data privacy requirements are still very much an important part of your business. Yet many Irish businesses are missing important GDPR and data privacy requirements. These companies run the risk of being audited by the Data Protection Commission. Failing to get the correct measures in place could result in significant fines, lost trust with customers and reputational damage.
Managing data access requests from customers can also increase administration workload for you and your staff. Personal information stored could be as simple as contact details for a mailing list, or more complicated like information on allergies, past appointments and future treatments.
Unsurprisingly, the first place the Data Commissioner is likely to spot check businesses is on their websites. There are four things that you need to be aware of when ensuring that your website is compliant. Once these four things are taken care of you can stop worrying about GDPR! Or at least move it further down the list again. Here are four areas where you need to make sure your business is fully compliant.
1. Privacy Policy
You must have a robust privacy policy in place. This should be explained clearly so that visitors to your website understand what data is collected and how it will be used. There’s not much point in copying and pasting another company’s privacy policy – this will be obvious to the Data Commissioner and probably to your customers also.
2. Cookies Policy
What cookies do you track when visitors come to your website? Do you have a clearly written cookies policy which accurately explains what is being tracked?
3. Cookies Tool
This gives visitors to your website control over which cookies they accept or reject while browsing. This is where Squarespace currently falls short of the requirements for Irish customers to be GDPR-compliant. Simply having a cookies banner or pop-up notification on your website is not enough to be compliant.
If all of this sounds like a daunting and unwelcome distraction from your business goals, there is help available! I can recommend two potential solutions:
Dataships, an Irish and US-based technology company specialising in GDPR and Data Privacy. They have clever automated software that will give you peace of mind when it comes to GDPR and Privacy Rights. They manage the intricacies of cookie consent, data tracking and privacy policies so that you don’t have to worry about being audited or fined for breach of GDPR regulations.
Set up is very straightforward and ready to go in 1-2 business days, and is tailored to meet your individual business’s needs. A privacy centre gives your customers direct access to their personal data on demand meaning you won’t be distracted by fulfilling data access requests.
Dataships’ subscriptions start at €149 per month. Their clients include Thérapie Clinic, Complete Fitness and Optilase Clinic, Strong Roots, AskPaul and many others. I can get you a 20% discount on this fee for the first year of your subscription. Contact Ryan at Dataships quoting Lucy20 to avail of the discount.
There are, of course, other alternatives available. One such is CookieYes, which works with Squarespace websites. It’s also a subscription-based service but they do have a free plan which I am advised is sufficient to cover you for the basic minimum. It will require a little effort on your part to integrate it with your website, or I can install the necessary scripts on your website for a once-off fee of €175 + VAT (€250 + VAT if you need me to create the pages for your policies). Worth considering if you’re terrified of technology or would just prefer to use your time in another way. I also have a good working relationship with GDPR expert Eileen Ireland who can write your policies for you. Get in touch with me and I will make an introduction.
The only option that you really cannot afford to take is to do nothing. As the old legal cliché says, “ignorance is no defence.” It really is only a matter of time before the Data Protection Commission start to crack down on non-compliant businesses. Don’t be the unlucky chosen one – opt out of being non-compliant and make sure that your business, your customers’ privacy and your reputation are protected.
* Note: I never recommend products or services that I don’t believe in. I may receive a small affiliate fee for business referrals to Dataships or Eileen Ireland but you are under no obligation to use their services.