How to make your site GDPR compliant?
“The GDPR is very broad in scope and can apply to businesses both in and outside of the EU. Websites that don’t comply with the GDPR could face heavy fines.”
WHAT IS GDPR? WHY IS IT IMPORTANT TO MAKE YOUR SITE GDPR COMPLIANT?
GDPR is short for General Data Protection Regulation, which comes into force on 25 May 2018. European lawmakers passed it in order to build a harmonized data privacy law across all EU Member States. Its aim is to:
– Promote privacy as a basic human right.
– Force employers that handle personal data to be accountable for the proper management of such data.
– Provide individuals with rights as to how their personal data is processed or otherwise used.
BASIC STEPS TO MAKE YOUR WEBSITE GDPR COMPLIANT
In this article, we will describe the basic steps to ensure that your website complies with GDPR, eventually helping you relax and get on with your site as usual.
1. REVIEW DATA COLLECTED ON THE WEBSITE
Check all the ways in which you collect data on the website, such as forms, surveys, user accounts, and so on. This may also include ways in which you personalize a user's journey through the site. Remember that your CMS may also be writing cookies for its own technical requirements, so check which cookies your website is writing and how they could be used on return visits.
Ensure the forms carry a proper notice of what you are going to do with the collected information, and that the user agrees by taking an appropriate step to do so. Look for any pre-checked boxes. And don't forget to make sure that this is stored properly.
2. REVIEW ANY TOOLS FOR TRACKING/ANALYTICS
Check which tools you use to analyze your website, such as Google Analytics, Webtrends, and so on, and ensure they are GDPR compliant.
Remember that even if you don't do anything unusual yourself, third-party tools can still track user data, so you need to understand what they're doing and confirm that they're GDPR compliant.
Confirm whether you are doing any individualized tracking; if so, you need to warn the client about it and get their permission. With this in mind, we highly suggest anonymizing any analytics to make sure that you are up to date.
3. CHECK ANY THIRD-PARTY SERVICES USED ON YOUR WEBSITE
We've already talked about analytics software, such as Google Analytics, but you may also have other third-party services/solutions that track the user.
These need to be evaluated to verify that they are GDPR compliant. Make sure you fully understand what they're doing, so that you can alert the customer in your GDPR site policy and determine whether you need to seek permission.
At the end of the day, you have to tell them what data you are collecting and what you are going to do with it. Items to be included would be things like:
– Server Logs
– Analytics software
– Social media sharing buttons
– Chat systems
– Data gathered by forms
– User accounts
It's not enough to inform them what you're collecting; you also need to tell them what you're going to do with the data.
You must also provide information (with contact details) on who your Data Officer is so that an individual can contact them to make any data requests.
If you have followed these steps, then your website should be compliant with GDPR. As you can see, it’s all pretty simple and logical.
The Mejix team has carried out all the research and preparation needed to prepare for the upcoming change. We want to ensure that we educate our clients and provide our services to them, making their websites GDPR compliant.
Do you have more questions about how to comply with the General Data Protection Regulation? We're happy to help you!