With an execution date of May 25, 2018, the GDPR is designed to unify data privacy requirements across the European Union (EU). If you market or process the information of EU data subjects, which include end users, customers and employees, you must learn to address these key requirements.
Does your website meet the GDPR requirements that took effect in May 2018? Here are some changes you should make to your website now to stay on the right side of the law and to keep your customers happy …
Forms: Active Opt-In
Forms that invite users to subscribe to newsletters or indicate contact preferences should be set to “no” or blank. You should check your forms to make sure this is the case.
Privacy Notice and Terms and Conditions
You must also add or update your terms and conditions for GDPR compliance website. In particular, you should make it transparent what you will do with the information once you have received it, and for how long you will keep this information both on your website and in your office systems.
Online payments
If you are an e-commerce business, you are probably using a payment gateway for financial transactions. Your own website can collect personal data before passing the details to the payment gateway.
Google Analytics and Google Tag Manager
Many websites are set up to use Google Analytics to track user behavior. Google Analytics has always been an anonymous tracking system. No “personal data” is collected, so I believe that GDPR does not affect its use.
With respect to Google Tag Manager; is a powerful tool that allows your website to send information to third-party applications by inserting small amounts of code. You can integrate internal data repositories, as well as external remarketing and reorientation systems, and a host of other services. The problem for companies with respect to Tag Manager is to ensure that you have a contract with people who have access to your Tag Manager (who may well be your web designer or digital marketing agency) to make sure they understand their legal responsibilities as a data processor in your name as a data controller.
Therefore, the underlying problem with the new GDPR is to identify and establish contracts with third-party data processors to protect their own interests.
Your website must comply with GDPR
The changes introduced with GDPR will permeate your entire business, and in this article, we are focusing exclusively on your website.
When you start planning the details of your website, you will discover the cave of Aladdin problems that you should consider. The Information Commissioner has provided an excellent set of resources for your reference, but here are some key questions that must now be considered as we approach GDPR policy …
- You probably have a lot of personal information stored in various places in the company.
- Do you have a good understanding and a documented record of the data you have? Do you need to obtain or update the consent for the data you have?
- Do you have a defined policy on how long you retain your personal data, so you do not unnecessarily retain them and make sure they are up to date?
- Are your data kept secure, taking into account both technology and human factors in data security?
- If you are a data controller or data processor (or both), do you have the correct legal arrangements in place?