Is Your Website GDPR Compliant?
As we are well aware of the fact that the General Data Protection Regulation (GDPR) is the replacement for the Data Protection Directive 95/46/EC.
Now, what is GDPR??? The GDPR gives EU (European Union) citizens control of their digital data by empowering them with the right to know when personal data is being collected, what type of data is being collected, access to that data, and to eradicate it on request. In short, the GDPR is a data privacy regulation that modernizes and normalizes data privacy laws across Europe and applies to any organization collecting data on EU citizens.
The EU’s new data privacy regulations are fast approaching and if you own a website, this could affect you. In brief, Europe’s General Data Protection Regulation (GDPR) will enforce stricter regulations to data collection that impacts any EU citizen, regardless of where you and your website is based. These new regulations take effect on May 25, 2018.
This new regulation could affect the contact or info forms users fill out on your page. To comply with the GDRP, every website owner should add an option to our Builder Contact addon. The new option will allow you to display a consent checkbox to your viewers with the text “I consent to my submitted data being collected and stored”, or something to that effect, anytime they fill out a contact form. The checkbox will be a required field that the viewer must select in order to submit the contact form.
In order to take advantage of this new feature, update your Website’s existing features to the latest version! Given below are some essential points to be considered while updating your website to make it GDPR compliant.
If your website is providing a facility for users to sign up for newsletter subscription, you need to make sure that the tick box that handles this subscription is set to Opt-In & not Opt-Out. This must be followed in order to seek consent for each newsletter you plan to email them. There must be separate opt-in tick boxes for each place you gather the data on the site. For example, If a user signs up to a service they buy on your website, they will have to tick a box to accept the terms of that service. Make sure that the emails you send out all have an unsubscribe link, too.
If you have an E-commerce Website where the user needs to register and create an account to access the services, you will need to ensure that you have both the SSL installed and also work toward the data being stored using pseudonyms.
If your website is providing any sort of contact form or inquiry form for people to send messages to you, then you must ensure all the points given below:
- • The website should be SSL certified
- • The details are not stored in the website’s SQL database in the encrypted form.
- • If an email is sent to you by your email service provider, then they must follow the GDPR guidelines.
Email is one of the most common places where private data gets abused and lost or misused. Many email service providers, like Google mail and outlook 365 are updating their terms of service in accordance with GDPR – it’s worth checking their policies to make sure your email provider complies.
Whilst not strictly website-related, all your email services and the storage of email must be stored in accordance with DPA (Data Protection Act) & GDPR guidelines. You must ensure to store your email data securely. Prefer good anti-virus apps, and also get rid of spam emails. You should also have a Data Retention Policy in place by which your organization follows in terms of how you store data and for how long before it is deleted.
Social Media is one such online platform where you should be extra careful while filling out all the details. You need not require to seek permission from each and every person who ‘likes’ your page or follows you. The person-in-charge must ensure that any information gathered directly from people on these sites is handled in accordance with the GDPR privacy guidelines. Get an official mail from the person so that you can hold the formal connection outside of a social media channel. You also need to ensure that, if you use the details of your customers or connections on your social media page to promote your business that you have their consent to do so.