
Is my Website GDPR Compliant?

For a website that caters to an audience from the European Union, it is necessary to comply with the EU's privacy law, specifically the General Data Protection Regulation (GDPR). Even if your website is not based in any of the EU member states, the law applies to you if you receive traffic from the EU.

The GDPR, which came into effect on May 25th, 2018, aims to protect EU citizens' data online and to give users full control over their data. The law brings a lot of changes and has a significant impact on many aspects of a website: design, marketing, and so on. This article will help you review your website for GDPR compliance and check whether something has been left unnoticed.

Identify Where the Changes are Needed

The first step is identifying the areas in your website that collect personal information or user data. The following are some of the key methods with which websites collect user information.

Contact Forms

It is uncommon for a website not to have a contact form. It increases engagement with users and helps them reach out to you. Some of the data that users enter into a contact form is personally identifiable, so pay attention to how this data is collected and handled.

Email Marketing

Email subscriptions are a very effective online marketing tool for a website. But they require the user's email address, which falls under the category of personally identifiable data. Proper care should be taken to understand how this data is handled. Customers should not receive any unwanted emails in their inbox without their consent.

Online Payment

If your website is an e-commerce website, you will be using an online payment gateway. While making online transactions, users are required to enter their personal information, which may also include the address to which the product is to be delivered if the website sells physical products. This information will also be stored on the website for record-keeping purposes.

Cookies

Cookies are small text files that are used to store data. Often, users are not even aware that such files are being added to their browsers and that data is being stored. Sometimes websites set cookies that store information about the users' behavior and interests for the website itself or for third-party services.

If the website uses a third party for analytics or advertising purposes, that third party will collect the data it needs by means of cookies. So, if your website uses third-party services, they will be setting cookies for their functionality.

To know what cookies are used by your website, read this article. You can also use this free online tool to scan and list the cookies present in the given URL.

What Makes my Website GDPR Compliant?

On the way to GDPR compliance, the first step is to analyze how your website handles data in the first place. Determine the flow of user data through your website. It will be useful to find the answers to the following questions.

  • Does the website collect user data via contact forms, cookies, etc.?
  • Does your website store user information?
  • What is the purpose of the data?
  • What happens to the data collected?
  • Is the data collected, stored, and processed in a secure manner?
  • With whom is this data shared?

Now to ensure that your website is compliant, make sure your website follows the requirements below.

Does the Website Inform the Users

It is highly unlikely that your website does not collect any data. It could be for analytics purposes that enable you to see how your website is doing and how you can improve its user experience. Whatever the purpose may be, update your existing privacy and cookie policy, or create a new one, where users can read all about it.

It is necessary to write the policies in a way that does not leave users scratching their heads and leaving without understanding what is actually being done with their data. The whole point of making your website GDPR compliant is to be as transparent as possible with the users.

So when a user submits their data using a contact form or opts in to an email subscription, they must do so knowing how their data will be stored and used. In the case of cookies, users should be informed of the use of cookies as soon as they visit the website, by means of a cookie banner. This is mainly because the average user might not even be aware that such cookies exist on a website. A proper cookie policy that explains the purpose of the cookies will help them understand the cookies and the data collected by them.

To know the requirements of a GDPR compliant cookie policy, read this article.

Take Explicit Consent

Next, wherever your website collects data from users, it should be with their consent. The whole point is to take explicit and informed consent from the users. For example, in the case of email subscriptions, users should only receive subscription newsletters if they have explicitly opted in by entering their email address and clicking a button.

Taking explicit consent is a bit tricky when it comes to the data collected by cookies. If your website uses cookies that in any way track users or user behavior, the users must be informed of this. They should be informed, and their consent taken, as soon as they visit the website. The consent should take the form of an action performed by the user, such as clicking a button or ticking a checkbox.

Withdraw Consent

It should be easy for users to withdraw their consent. If they have given their consent once, there should be a way for them to reverse it and withdraw their consent so that there is no further data collection by the website.

Honor the Rights of the Users

The GDPR aims to give users complete control over their data. This gives users a number of rights over the data that is collected, for example the right to be forgotten, the right to rectification, and so on. Be informed of these rights and plan how to implement them in your organization.

Keep a Record of the Consent

You might need to furnish a record of the users' consent as proof. So it is important to keep a log of all the users with relevant information about the consent, such as the timestamp or the IP address from which the consent was given.
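The three requirements above (explicit consent through a user action, withdrawal that stops further collection, and a consent record with a timestamp and IP address) can be handled by one small consent manager. The code below is an added illustration written for this article, not code from the original post or from CookieYes; the category names, the sample cookie inventory and the "IP-PLACEHOLDER" value are assumptions, and the storage and clock are injected so the same logic runs in a browser or in Node.

```javascript
// Non-essential cookie categories that need explicit consent (assumed names).
const NON_ESSENTIAL = ["analytics", "advertising"];

// Constructed sample inventory of non-essential cookies by category; in
// practice this comes from scanning the site for the cookies it sets.
const COOKIE_INVENTORY = { analytics: ["_ga", "_gid"], advertising: ["_fbp"] };

function createConsentManager({ store = new Map(), now = () => new Date() } = {}) {
  const KEY = "cookie_consent";
  const current = () => (store.has(KEY) ? JSON.parse(store.get(KEY)) : null);

  // Explicit consent: call this only from a user action such as a button
  // click. `accepted` holds the categories the user ticked; unknown names
  // are ignored, and anything not ticked stays off.
  function grant(accepted, ip = "IP-PLACEHOLDER") {
    const record = {
      granted: NON_ESSENTIAL.filter((c) => accepted.includes(c)),
      timestamp: now().toISOString(), // proof of when consent was given
      ip,                              // filled in server-side when logged
      withdrawn: false,
    };
    store.set(KEY, JSON.stringify(record));
    return record; // the record to append to the consent log
  }

  // Withdrawal is recorded too, so the log shows the full consent history.
  function withdraw() {
    const record = { granted: [], timestamp: now().toISOString(), ip: "IP-PLACEHOLDER", withdrawn: true };
    store.set(KEY, JSON.stringify(record));
    return record;
  }

  // Gate for third-party scripts: nothing loads before an explicit choice,
  // and nothing loads after withdrawal.
  function isAllowed(category) {
    const c = current();
    return c !== null && !c.withdrawn && c.granted.includes(category);
  }

  // Cookies that must be removed so no further collection happens
  // (a browser build would expire each of these via document.cookie).
  function cookiesToClear() {
    return Object.entries(COOKIE_INVENTORY)
      .filter(([category]) => !isAllowed(category))
      .flatMap(([, names]) => names);
  }

  return { grant, withdraw, isAllowed, cookiesToClear, current };
}
```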

Secure Storage of Data

Is the data collected from users stored in a secure manner, from both a human and a technical perspective? There should be ample security measures in place to protect users' data from breaches. And in case of a breach, users should be informed of the event. This will help them take the necessary steps to secure their data and minimize the damage.

Legal Arrangements

Is there a Data Controller or Data Processor in your organization, and are the right legal arrangements in place? If you are having trouble with GDPR compliance, the best way to go about it is to seek expert legal advice. Many smaller organizations might not have access to legal advice; instead, they can look for the more reliable sources online.

Disclaimer: Please note that while we make it a point to deliver the most accurate information possible, this article should not be treated as legal advice. Website owners should seek legal advice if needed to know what is best for their website or app, and which further actions may be required to fully comply with the law.

Make Your Website GDPR Compliant With CookieYes

CookieYes is a new and easy solution from Cookie Law Info to make your website comply with the GDPR cookie law. Join the 400,000+ websites using our solutions now!
