The General Data Protection Regulation (GDPR) is a regulation passed by the European Union (EU) to strengthen the protection of individuals’ personal data on the internet. Does your website collect personal data from your visitors? Do you do business with the EU? If so, your company’s website must be updated by May 25, 2018, in order to remain compliant. Companies that fail to update their website will be subject to massive fines.
The regulation defines personal data as follows: “‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.” The primary objective of the General Data Protection Regulation (GDPR) is to give citizens control of their personal data.
It is important to add a cookie notification that visitors must acknowledge.
If you would like to scan your website for cookies, this company will run a free scan for you and present their findings: https://www.cookiebot.com/en/
Google recently emailed a GDPR update regarding Google Analytics. They are committed to staying in front of this regulation and will continue to work on their policies and features to help with the transition. “As always, we remain committed to providing ways to safeguard your data. Google Analytics and Analytics 360 will continue to offer a number of other features and policies around data collection, use, and retention to assist you in safeguarding your data. For example, features for customizable cookie settings, privacy controls, data sharing settings, data deletion on account termination, and IP anonymization may prove useful as you evaluate the impact of the GDPR for your company’s unique situation and Analytics implementation.”
To learn more about how Google is handling GDPR compliance, see: https://searchenginewatch.com/2018/05/09/is-google-analytics-compliant-with-gdpr/
For any forms on your website, evaluate the fields to make sure they are necessary. Your company is required to give customers a way to opt out of your having access to their personal information. GDPR specifically bans pre-ticked opt-in boxes.
Learn more about Form Regulation: https://www.demandlab.com/insights/blog/omg-gdpr-6-tips-get-forms-consents-regulation-ready/
Under GDPR, individuals have the right to receive a copy of the personal information held by a company. This is known as a subject access request. Businesses are obligated to comply with these requests in a timely manner under GDPR.
Provide the identity and contact details of the data controller in your company (GDPR). Your company must have a designated data controller in order to remain compliant.
Disclose that the visitor is entitled to access, correct, delete and limit processing of personal data. Disclose that the visitor is entitled to receive personal data so that it can be used by another processor. Disclose that the visitor has the right to lodge a complaint with a supervisory authority.
One of the biggest components of GDPR is the ability for people to request the removal of their personal data from your website, servers, and any third parties that you may have shared it with. You can handle these requests through a form on your website or by having people contact your onsite data controller.
If you still have questions regarding this regulation, below are a few articles:
If you use WordPress, there are plugins available to assist with the transition: