What is GDPR?
General Data Protection Regulation (GDPR) is a regulation passed by the European Union (EU) to protect and strengthen individuals' control over their personal data on the internet. Does your website collect personal data from your visitors? Do you do business with the EU? If so, your company's website must be updated by May 25, 2018 in order to remain compliant. Companies that fail to update their website will be subject to massive fines.
What is “personal data”?
The definition of personal data with regard to this regulation is: "'personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person." The primary objective of the General Data Protection Regulation (GDPR) is to give citizens control of their personal data.
Below are a few examples of website updates to become compliant:
1. Cookie Updates
- Explain to the user how cookies are used and how they can reset them
- Do not save any data in cookies, even encrypted
- Do not track behavior of anonymous users via cookie
It is important to add a notification that needs to be acknowledged regarding cookies.
If you would like to scan your website for cookies, this company will run a free scan for you and present their findings: https://www.cookiebot.com/en/
- IP addresses
- Postcodes/ZIP codes
- Long URLs with lots of user-specific attributes
Google recently emailed a GDPR update regarding Google Analytics. They are committed to staying in front of this regulation and will continue to work on their policies and features to help with the transition. “As always, we remain committed to providing ways to safeguard your data. Google Analytics and Analytics 360 will continue to offer a number of other features and policies around data collection, use, and retention to assist you in safeguarding your data. For example, features for customizable cookie settings, privacy controls, data sharing settings, data deletion on account termination, and IP anonymization may prove useful as you evaluate the impact of the GDPR for your company’s unique situation and Analytics implementation.”
If you would like to learn more about how Google is handling GDPR compliance, click here: https://searchenginewatch.com/2018/05/09/is-google-analytics-compliant-with-gdpr/
3. Form Updates
For any forms on your website, evaluate the fields to make sure they are necessary. Your company is required to provide a way for customers to opt out of your company holding their personal information. GDPR specifically bans pre-ticked opt-in boxes.
Learn more about Form Regulation: https://www.demandlab.com/insights/blog/omg-gdpr-6-tips-get-forms-consents-regulation-ready/
4. Respond to Subject Access Requests in a Timely Manner
Under GDPR, individuals have the right to receive a copy of the personal information held by a company. This is known as a subject access request. Businesses are obligated to comply with these requests in a timely manner under GDPR.
Provide the identity and contact details of the data controller in your company, as required by GDPR. Your company must have a designated data controller in order to remain compliant.
Disclose that the visitor is entitled to access, correct, delete and limit the processing of their personal data. Disclose that the visitor is entitled to receive their personal data in a form that can be used by another processor. Disclose that the visitor has the right to lodge a complaint with a supervisory authority.
6. Removal of Personal Data
One of the biggest components of GDPR is the ability for people to request the removal of their personal data from your website, your servers, and any third parties you may have shared it with. You can support this with a form on your website or by having them contact your designated data controller.
If you still have questions regarding this regulation, below are a few articles:
If you use WordPress, there are plugins available to assist with the transition:
- WP GDPR Compliance Plugin https://wordpress.org/plugins/wp-gdpr-compliance/
With the WP GDPR Compliance plugin it is possible to automatically make Contact Form 7, WooCommerce and WordPress Comments GDPR compliant by adding a GDPR checkbox. By ticking this checkbox, your visitors and customers explicitly allow you to handle their personal data for a defined purpose (e.g. processing their order).
- WP GDPR https://wordpress.org/plugins/wp-gdpr-core/#description
This plugin will help you deal with users who ask to see which personal data is collected on your website/store, and will let them either download that data or request its removal.
Contact us today if you would like to discuss GDPR Compliance with your site.