What is GDPR? How does It affect my website?

    What is GDPR? 

    The General Data Protection Regulation (GDPR) is a regulation passed by the European Union (EU) to protect and strengthen individuals' control over their personal data on the internet. Does your website collect personal data from your visitors? Do you do business with the EU? If so, your company's website must be updated by May 25, 2018 in order to remain compliant. Companies that fail to update their website will be subject to massive fines.

    What is “personal data”?

    The regulation defines personal data as follows: "'personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person." The primary objective of the GDPR is to give citizens control of their personal data.

    Below are a few examples of website updates to become compliant:

    1. Cookie Updates

    • Declare your cookie policy and obtain the user's consent to it
    • Use cookies only to manage user sessions and identify user preferences
    • Explain to the user how cookies are used and how they can be reset
    • Do not store any data in cookies, even in encrypted form
    • Do not track the behavior of anonymous users via cookies
    • Upon registration or during the login process, get the user's consent to the cookie policy

    It is important to add a notification that needs to be acknowledged regarding cookies.

    If you would like to scan your website for cookies, this company will run a free scan for you and present their findings: https://www.cookiebot.com/en/

    2. Analytics

    All European websites are required to get visitors to opt in to a cookie policy, which covers the use of the Google Analytics (GA) tracker cookie. The simplest form of compliance, and what Google requires in the GA Terms of Use, is that you do not store any personally identifiable information. Other data that could be personally identifiable, and that you may need to review, includes:

    • IP addresses
    • Postcodes/ZIP codes
    • Long URLs with lots of user-specific attributes

    Google recently emailed a GDPR update regarding Google Analytics. They are committed to staying ahead of this regulation and will continue to work on their policies and features to help with the transition: "As always, we remain committed to providing ways to safeguard your data. Google Analytics and Analytics 360 will continue to offer a number of other features and policies around data collection, use, and retention to assist you in safeguarding your data. For example, features for customizable cookie settings, privacy controls, data sharing settings, data deletion on account termination, and IP anonymization may prove useful as you evaluate the impact of the GDPR for your company's unique situation and Analytics implementation."

    To learn more about how Google is handling GDPR compliance, see: https://searchenginewatch.com/2018/05/09/is-google-analytics-compliant-with-gdpr/
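    The cookie and analytics rules above, as an added example that is not from the original article and not Google's code: a small browser-side helper that configures no tracker (and therefore writes no _ga cookie) until consent is recorded, strips user-specific query parameters from the reported page URL, asks GA to anonymize IPs, and lists cookies present without consent. The PII parameter list, the `sessionid` allow-list and the measurement ID placeholder are assumptions.

```javascript
// Added example, not from the article or from Google: consent-gated analytics
// bootstrap. Parameter list, cookie allow-list and measurement ID are assumed.

// Query parameters that typically carry personal data (assumed list; extend it).
const PII_PARAMS = ["email", "name", "firstname", "lastname", "phone",
                    "zip", "postcode", "address", "user_id", "userid"];

// Return `url` with personal-data query parameters and the fragment removed,
// so the page URL reported to analytics no longer identifies a visitor.
function sanitizePageUrl(url) {
  const u = new URL(url);
  for (const key of [...u.searchParams.keys()]) {
    const k = key.toLowerCase();
    if (PII_PARAMS.includes(k) || /(^|_)(e?mail|phone|ssn)$/.test(k)) {
      u.searchParams.delete(key);
    }
  }
  u.hash = "";
  return u.toString();
}

// Given a document.cookie string, list the cookie names set without consent:
// anything beyond the session cookie, which the article's rules allow.
function cookiesNeedingConsent(cookieString, allowed = ["sessionid"]) {
  return cookieString.split(";")
    .map((c) => c.trim().split("=")[0])
    .filter((name) => name && !allowed.includes(name));
}

// Analytics configuration to apply only after the visitor accepts the cookie
// policy; before consent nothing is configured, so no tracking cookie is set.
function analyticsConfig(consentGiven, pageUrl) {
  if (!consentGiven) return null;
  return { anonymize_ip: true, page_location: sanitizePageUrl(pageUrl) };
}

// Browser entry point: call from the consent banner's "accept" handler once
// the gtag.js loader is present. "G-XXXXXXXXXX" is a placeholder ID.
function startAnalytics(consentGiven) {
  const cfg = analyticsConfig(consentGiven, window.location.href);
  if (cfg && typeof window.gtag === "function") {
    window.gtag("config", "G-XXXXXXXXXX", cfg);
  }
  return cfg;
}
```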

    3. Form Updates

    For any forms on your website, evaluate the fields to make sure they are necessary. Your company is required to give customers a way to opt out of your access to their personal information. GDPR specifically bans pre-ticked opt-in boxes.

    Learn more about Form Regulation: https://www.demandlab.com/resources/blog/omg-it-s-gdpr-6-tips-to-get-forms-and-consents-regulation-ready/

    4. Respond to Subject Access Requests in a Timely Manner

    Under GDPR, individuals have the right to receive a copy of the personal information held by a company. This is known as a subject access request. Businesses are obligated to comply with these requests in a timely manner under GDPR.

    5. Privacy Policy Updates

    Provide the identity and contact details of your company's data controller, as the GDPR requires. Your company must have a designated data controller in order to remain compliant.

    An example:

    Disclose that the visitor is entitled to access, correct, delete and limit the processing of their personal data. Disclose that the visitor is entitled to receive their personal data so that it can be used by another processor. Disclose that the visitor has the right to lodge a complaint with a supervisory authority.

    6. Removal of Personal Data

    One of the biggest components of GDPR is the ability for people to request the removal of their personal data from your website, your servers, and any third parties you may have shared it with. You can offer this through a form on your website or by having them contact your onsite data controller.

    More Information:

    If you still have questions regarding this regulation, below are a few articles:

    If you use WordPress, there are plugins available to assist with the transition:

    • WP GDPR Compliance Plugin: https://wordpress.org/plugins/wp-gdpr-compliance/
      With the WP GDPR Compliance plugin it is possible to automatically make Contact Form 7, WooCommerce and WordPress Comments GDPR compliant by adding a GDPR checkbox. By ticking this checkbox your visitors and customers explicitly allow you to handle their personal data for a defined purpose (for example, handling their order).
    • WP GDPR: https://wordpress.org/plugins/wp-gdpr-core/#description
      This plugin helps you deal with users asking to see which personal data is collected on your website or store, and enables them to either download that data or ask for its removal.