Gone are the days when you could access and store users' information from your website with little effort and little responsibility. If you keep doing so, get ready to be washed away by the GDPR wave. The General Data Protection Regulation, enforced by the European Union to protect its citizens' online data, comes into effect on 25 May 2018. So, is your business or website ready to withstand this big wave by becoming GDPR compliant?
You had better be, because non-compliance will fetch you a fine of 20 million euro or 4% of annual global turnover, whichever is greater. Why suffer such a huge loss when you can put everything in order within the allowed time? This article sheds light on the changes you should make to your website to make it GDPR compliant.
What is GDPR?
GDPR is a non-negotiable online data privacy regulation put forth by the European Union to protect the way each of its citizens' personal data is collected, stored, processed and distributed by any business organization or website. In simple terms, it aims to give EU citizens complete control over the data they provide online and a level playing field for all companies that deal with their data.
Definition of Personal Data in GDPR
According to the GDPR, any data that can be used to identify an individual directly or indirectly (for example, information in combination with other information) is personal data. What identifies an individual could be as simple as a name or a number, or could include other identifiers such as an IP address or a cookie identifier, or other factors.
Who will be affected by GDPR?
Want to know if the law applies to you?
This law applies to every organization, anywhere in the world, that has access to the personal data of people living in the European Union. So even if you are based in a different geographic location or collect only basic information, you are under the radar too.
Now let's get down to business. Here is a list of the major components of your website that you need to alter as soon as possible to make it GDPR compliant and avoid any bitter consequences.
1. Terms and Conditions
Under your terms and conditions you need to state clearly why the data is being asked for, how it is used and by whom, where it is stored and for how long. You should also tell users where they can find their data and how they can have it erased (the right to be forgotten) whenever they prefer.
2. Cookies Consent
Cookie consent forms of that kind are not enough anymore. A GDPR-compliant consent banner should offer easy options to either accept or reject consent.
3. Website Forms
On opening a website, the user is often asked to fill out forms to subscribe to a newsletter or for other purposes. Although GDPR does not forbid such forms, it gives strict instructions on how they must be structured:
- Forms on your website must no longer include pre-ticked boxes, as that counts as implied consent rather than freely given consent.
- Users should be able to provide separate consent for different types of processing. For example, the options to be contacted by post, email or telephone should be three separate tick boxes.
- If you are asking for permission to pass details on to a third party, you need yet another tick box.
- If you are collecting data through one website on behalf of several third parties, you need to give a clear opt-in option for each party.
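The four rules above translate into a form that renders every consent box unticked and a server-side step that records, per purpose and per third party, only what the user actively ticked. The following is an added example written for this article, not code from the original post; the purpose identifiers, the policy version string and the two partner names are constructed for illustration.

```javascript
// Added example (not from the original article): opt-in-only, granular consent
// capture for a website form. Purpose ids and partner names are constructed.

const CONSENT_PURPOSES = [
  { id: "contact_post", label: "Contact me by post" },
  { id: "contact_email", label: "Contact me by email" },
  { id: "contact_phone", label: "Contact me by telephone" },
  // One opt-in per third party the data would be passed to (hypothetical partners).
  { id: "share_partner_a", label: "Share my details with Example Partner A" },
  { id: "share_partner_b", label: "Share my details with Example Partner B" },
];

// Render one unticked checkbox per purpose. There is deliberately no `checked`
// attribute anywhere: a pre-ticked box is implied, not freely given, consent.
function renderConsentCheckboxes(purposes = CONSENT_PURPOSES) {
  return purposes
    .map(
      (p) =>
        `<label><input type="checkbox" name="consent_${p.id}" value="yes"> ${p.label}</label>`
    )
    .join("\n");
}

// Build a consent record from submitted form fields. Only the explicit "yes"
// value set on the rendered checkbox counts; a missing field is "no".
// The record keeps the time and the policy version the user saw, so the site
// can later show each user what they agreed to and let them withdraw it.
function buildConsentRecord(fields, policyVersion, now = new Date(), purposes = CONSENT_PURPOSES) {
  const record = { policyVersion, givenAt: now.toISOString(), purposes: {} };
  for (const p of purposes) {
    record.purposes[p.id] = fields[`consent_${p.id}`] === "yes";
  }
  return record;
}

// Check whether one processing activity is allowed for a record. Unknown
// purposes are never allowed, and consent is never inferred from another purpose.
function isAllowed(record, purposeId) {
  return record.purposes[purposeId] === true;
}

// Constructed submission: the user ticked only the email box.
const submitted = { email: "user@example.com", consent_contact_email: "yes" };
const rec = buildConsentRecord(submitted, "privacy-policy-2018-05", new Date("2018-05-25T00:00:00Z"));
console.log(renderConsentCheckboxes());
console.log(rec);
console.log(isAllowed(rec, "contact_email"), isAllowed(rec, "share_partner_a"));
```

Because each purpose is stored as its own boolean, the marketing system can later ask "may I email this person?" without any risk of reading a tick for post as a tick for email, and a later withdrawal of one purpose does not touch the others.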
4. Online Payment
GDPR matters most to individuals when it comes to online payments. Data thefts (ATM card credentials, banking IDs and so on) mostly happen during online payments, and GDPR compliance will help reduce such incidents to a great extent. If you run an eCommerce store you will certainly have an online payment gateway active on your website for financial transactions. You therefore need to be very careful and aware of the data your website collects from users before passing it on to the payment gateway. If you still store these details after they have been passed on, you should have a mechanism in place that automatically removes this data after a reasonable period. Although GDPR does not specify a number of days, it could be up to 60 days.
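The two practical steps in that paragraph are keeping only what the site needs once the gateway has the payment, and removing even that after a set period. The following added example (written for this article, not taken from the original post or any payment gateway) shows both as a record-minimisation step and a retention job; the record fields and the 60-day limit are assumptions, since the regulation itself fixes no number of days.

```javascript
// Added example (not from the original article): minimise stored payment data
// and purge it once it is older than a configured retention period.
// Field names and the 60-day default are assumptions for illustration.

const DEFAULT_RETENTION_DAYS = 60;
const MS_PER_DAY = 24 * 60 * 60 * 1000;

// Keep only what the site needs to reference the transaction after the payment
// gateway has processed it. Card numbers, expiry dates, CVV codes or anything
// else the checkout form carried are dropped, not copied into the site's database.
function minimisePaymentRecord(checkoutData) {
  return {
    orderId: checkoutData.orderId,
    gatewayReference: checkoutData.gatewayReference,
    amount: checkoutData.amount,
    currency: checkoutData.currency,
    createdAt: checkoutData.createdAt,
  };
}

// Split stored records into three buckets: still inside the retention window,
// expired (to delete), and records whose creation date cannot be parsed.
// The last bucket is reported separately so bad data is reviewed rather than
// silently kept forever or silently destroyed.
function partitionByRetention(records, now, retentionDays = DEFAULT_RETENTION_DAYS) {
  const cutoff = now.getTime() - retentionDays * MS_PER_DAY;
  const kept = [];
  const purged = [];
  const invalid = [];
  for (const r of records) {
    const created = new Date(r.createdAt).getTime();
    if (Number.isNaN(created)) {
      invalid.push(r);
    } else if (created < cutoff) {
      purged.push(r);
    } else {
      kept.push(r); // a record created exactly at the cutoff is still kept
    }
  }
  return { kept, purged, invalid };
}

// Constructed sample: a checkout payload and a small table of stored records,
// evaluated as if the retention job ran on 1 July 2018.
const checkout = {
  orderId: 9, gatewayReference: "gw-ref-0001", amount: 10, currency: "EUR",
  createdAt: "2018-06-30T10:00:00Z", cardNumber: "0000000000000000", cvv: "000",
};
const stored = [
  minimisePaymentRecord(checkout),
  { orderId: 1, gatewayReference: "gw-ref-0002", createdAt: "2018-04-01T00:00:00Z" },
  { orderId: 2, gatewayReference: "gw-ref-0003", createdAt: "2018-06-01T00:00:00Z" },
  { orderId: 3, gatewayReference: "gw-ref-0004", createdAt: "bad-date" },
];
const result = partitionByRetention(stored, new Date("2018-07-01T00:00:00Z"));
console.log("keep:", result.kept.map((r) => r.orderId));
console.log("delete:", result.purged.map((r) => r.orderId));
console.log("review:", result.invalid.map((r) => r.orderId));
```

In a real deployment the `purged` list would be fed to the database delete step on a schedule (a nightly cron job, for instance), and the `invalid` list to whoever owns the data so the bad timestamps get fixed instead of defeating the retention limit.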
5. Plugins that Ask Personal Data
Plugins are essential for the smooth functioning of a website and for a better customer experience, but many plugins used for social login, communications and so on ask for users' personal details. You therefore need to make sure, before adding a plugin to your website or when updating one, that it is GDPR compliant, or take the necessary steps to make it so.
6. Easy Opt-in and Opt-out
You should make sure that your website offers easy options, in plain language, for users to opt in to and opt out of the services or subscriptions it offers. That is, you need to ensure your website has proper, easily noticeable unsubscribe links.
7. Data Breach
Under the GDPR, you must inform the data protection officers, and if necessary the users themselves, about any data breach involving the information they have provided online, so that they can take the necessary precautions against such attempts in the future.
Although these are the necessary requirements for making your website GDPR compliant, as the website owner you are the only person who is aware of, and responsible for, even the small shortcomings that could jeopardize your website's compliance. A thorough examination of every part of your website is therefore necessary to avoid such complications in the future.