Is Your Website GDPR Compliant?

The General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC.

So what is the GDPR? The GDPR gives people in the EU (European Union) control of their personal data by granting them the right to know when personal data is being collected, what type of data is being collected, the right to access that data, and the right to have it erased on request. In short, the GDPR is a data privacy regulation that modernises and harmonises data privacy law across Europe, and it applies to any organisation, wherever it is based, that collects personal data about people in the EU.

The EU’s new data privacy rules are fast approaching, and if you own a website this could affect you. In brief, the GDPR enforces stricter rules on any collection of personal data from people in the EU, regardless of where you and your website are based. The new rules take effect on May 25, 2018.

This new regulation affects the contact or inquiry forms that visitors fill out on your site. To help you comply with the GDPR, a new option has been added to our Builder Contact addon. The option displays a consent checkbox to your visitors, with text such as “I consent to my submitted data being collected and stored”, whenever they fill out a contact form. The checkbox is a required field: the form cannot be submitted until the visitor has ticked it.

To take advantage of this new feature, update your website’s existing features to the latest version. Below are some essential points to consider when updating your website to make it GDPR compliant.

Newsletter Sign-ups

If your website lets users sign up for a newsletter, make sure the tick box that handles the subscription is opt-in, not opt-out: it must be unticked by default, and the user must tick it themselves to subscribe. You need consent for each purpose you plan to email them about, so there must be a separate opt-in tick box at each place on the site where you gather the data. For example, if a user signs up for a service they buy on your website, they tick one box to accept the terms of that service; that tick does not cover the newsletter, which needs its own box. Make sure that every email you send out has an unsubscribe link, too.
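The consent checkbox on the contact form and the opt-in newsletter box both come down to the same server-side rule: a box counts as ticked only when the browser sends an explicit affirmative value, and an absent or blank field means no. The following is an added example of that server-side handling, not code from the Builder Contact addon or any other product mentioned on this page; the field names (`consent`, `newsletter`, `email`, `message`) and the consent-text version label are assumptions. The browser’s `required` attribute is a convenience only, since anyone can post arbitrary form data, so the check has to be repeated on the server, and the record of consent should say which wording was agreed to and when.

```python
"""Server-side handling of a GDPR consent checkbox and an opt-in newsletter box.

Added example; assumed (hypothetical) form field names: "consent", "newsletter",
"email", "message". The browser's `required` attribute is only a convenience;
the check that matters is the one the server performs, because a client can
submit arbitrary field values.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Mapping, Optional

# Version the consent wording so a stored record says exactly what was agreed to.
CONSENT_TEXT_VERSION = "2018-05-contact-v1"   # assumed label
CONSENT_TEXT = "I consent to my submitted data being collected and stored"

# Only these literal values count as an affirmative tick. Anything else
# (missing field, "", "off", "false", "0") is treated as no consent given.
AFFIRMATIVE = {"on", "true", "1", "yes"}


class ConsentError(ValueError):
    """Raised when a submission lacks explicit consent."""


@dataclass
class ConsentRecord:
    given_at: str              # ISO 8601 UTC timestamp
    text_version: str          # which wording the user agreed to
    newsletter_opt_in: bool    # separate, purpose-specific consent


@dataclass
class Submission:
    email: str
    message: str
    consent: ConsentRecord


def _ticked(form: Mapping[str, str], name: str) -> bool:
    """True only for an explicit affirmative value; the default is False (opt-in)."""
    return form.get(name, "").strip().lower() in AFFIRMATIVE


def handle_contact_form(form: Mapping[str, str],
                        now: Optional[datetime] = None) -> Submission:
    """Validate a submitted contact form and build the record to store.

    Raises ConsentError unless the consent box was explicitly ticked.
    The newsletter box is independent: unticked (or absent) means not
    subscribed, and contact-form consent never implies a newsletter subscription.
    """
    if not _ticked(form, "consent"):
        raise ConsentError("consent checkbox must be ticked to submit this form")
    if not form.get("email", "").strip():
        raise ValueError("email is required")
    ts = (now or datetime.now(timezone.utc)).isoformat()
    record = ConsentRecord(
        given_at=ts,
        text_version=CONSENT_TEXT_VERSION,
        newsletter_opt_in=_ticked(form, "newsletter"),
    )
    return Submission(email=form["email"].strip(),
                      message=form.get("message", ""),
                      consent=record)


if __name__ == "__main__":
    # Constructed sample submissions, shaped like what a browser would post.
    ok = handle_contact_form({"email": "a@example.org", "message": "hi",
                              "consent": "on"})
    print("newsletter opt-in:", ok.consent.newsletter_opt_in)  # False by default
    try:
        handle_contact_form({"email": "a@example.org", "message": "hi",
                             "newsletter": "on"})
    except ConsentError as e:
        print("rejected:", e)
```

Note that a newsletter tick without the consent tick is rejected outright rather than silently subscribing the visitor: the contact-form consent and the newsletter consent are recorded as two separate facts, which is what the separate-box requirement above asks for.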

User Account Creation

If you have an e-commerce website where users must register and create an account to access your services, you need to ensure that the site is served over HTTPS (a valid SSL/TLS certificate installed and enforced) and work toward storing the account data in pseudonymised form, so that a record cannot be attributed to a person without additional information that is kept separately.
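What “stored using pseudonyms” means in practice: the main account record holds a keyed pseudonym instead of the email address, and the table that maps pseudonyms back to real identifiers is kept separately, with its own access controls. The following is an added example in Python using only the standard library; it is not code from this page or from any product it mentions, and the class names `PseudonymVault` and `AccountStore`, along with the in-memory dicts standing in for two separate databases, are illustrative assumptions. A keyed HMAC is used rather than a plain hash because an unkeyed hash of an email address can be reversed by guessing from a list of known addresses.

```python
"""Pseudonymised storage of account data (added example, standard library only).

The main record stores a keyed pseudonym instead of the email; the
pseudonym -> email mapping lives in a separate store (in practice a different
database or service with its own access controls), and the HMAC key lives in a
secret manager, never beside the records. Class names are hypothetical.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional


def pseudonym(key: bytes, email: str) -> str:
    """Deterministic keyed pseudonym for an identifier.

    A plain SHA-256 of an email is reversible by guessing (email lists are
    cheap), so a secret key is mixed in with HMAC. Normalising case keeps
    "Alice@Example.org" and "alice@example.org" as the same person.
    """
    normalised = email.strip().lower().encode("utf-8")
    return hmac.new(key, normalised, hashlib.sha256).hexdigest()


class PseudonymVault:
    """The 'additional information' kept separately: pseudonym -> real identifier."""

    def __init__(self) -> None:
        self._map: Dict[str, str] = {}

    def put(self, pid: str, email: str) -> None:
        self._map[pid] = email

    def lookup(self, pid: str) -> Optional[str]:
        return self._map.get(pid)

    def erase(self, pid: str) -> None:
        self._map.pop(pid, None)


class AccountStore:
    """Main application records, holding pseudonyms only (never the raw email)."""

    def __init__(self, key: bytes, vault: PseudonymVault) -> None:
        self._key = key
        self._vault = vault
        self._accounts: Dict[str, dict] = {}

    def create(self, email: str, display_name: str) -> str:
        pid = pseudonym(self._key, email)
        self._vault.put(pid, email)
        self._accounts[pid] = {"display_name": display_name, "orders": []}
        return pid

    def record(self, pid: str) -> Optional[dict]:
        return self._accounts.get(pid)

    def contains_raw(self, email: str) -> bool:
        """Sanity check that the main store never holds the raw identifier."""
        return email.strip().lower() in repr(self._accounts).lower()

    def erase(self, email: str) -> bool:
        """Honour an erasure request: drop the record and the re-identification
        mapping together. Returns False if no account exists for this email."""
        pid = pseudonym(self._key, email)
        if pid not in self._accounts:
            return False
        del self._accounts[pid]
        self._vault.erase(pid)
        return True


if __name__ == "__main__":
    key = secrets.token_bytes(32)   # production: fetched from a secret manager
    vault = PseudonymVault()
    store = AccountStore(key, vault)
    pid = store.create("Alice@Example.org", "Alice")   # constructed sample account
    print(pid[:16], store.record(pid), store.contains_raw("alice@example.org"))
    print(store.erase("alice@example.org"), store.record(pid), vault.lookup(pid))
```

Because the pseudonym is keyed, a copy of the main database on its own reveals neither who the rows belong to nor a way to test a guessed address against them; re-identification needs both the vault and the key, which is exactly the separation the regulation's definition of pseudonymisation describes.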

Payment Gateways

You will have to be very careful when working out the payment gateway procedure. If you own an e-commerce website and use one of the popular payment gateways, such as PayPal, Sagepay, Worldpay or Stripe, make sure you have checked the payment gateway’s privacy policy and that you reference it in your own privacy policy.

Inquiry & Contact Form

If your website provides any sort of contact or inquiry form for people to send messages to you, then you must ensure all of the following:

  • The website is served over HTTPS with a valid SSL certificate.

  • Any submitted details kept in the website’s SQL database are stored in encrypted form, or are not stored at all once the message has been delivered.

  • If the form’s contents are emailed to you, your email service provider must also follow the GDPR guidelines.

  • Email is one of the most common places where private data gets abused, lost or misused. Many email service providers, like Google Mail and Outlook 365, are updating their terms of service in line with the GDPR; it is worth checking their policies to make sure your email provider complies.

Live Chats

The rules and regulations of the GDPR apply to live chat boxes as well. If your website has a live chat service, you must reference that third-party service in your website’s privacy policy. You may think the data isn’t being stored anywhere, but it is: very often the transcript of the chat is emailed to both parties once it is completed.

Connected E-mail

While not strictly website-related, all your email services and stored email must be handled in accordance with the DPA (Data Protection Act) and GDPR guidelines. Store your email data securely, use reputable anti-virus software, and get rid of spam emails. You should also have a data retention policy in place that sets out how your organisation stores data and for how long before it is deleted.

Social Media Account Connection

Social media is one online platform where you should be extra careful about the details you collect. You do not need to seek permission from each and every person who ‘likes’ your page or follows you. The person in charge must, however, ensure that any information gathered directly from people on these sites is handled in accordance with the GDPR privacy guidelines. If you want to carry a connection beyond the social media channel, get an email directly from the person so that you have their details and their consent on record. You also need to ensure that, if you use the details of your customers or connections on your social media page to promote your business, you have their consent to do so.

Google Analytics (and other user tracking systems)

If you run Google Analytics on your site (or any other tracking service), make sure that it is referred to in your cookie policy and your privacy policy, and check the third party’s own privacy policy to ensure that they comply. Google has said that Google Analytics will be both GDPR and Privacy Shield compliant, but other, lesser-known tracking services may not be.