Modern GDPR-compliant Intranet and Extranet

HOW TO PREPARE A WEBSITE FOR GDPR COMPLIANCE?

What is the General Data Protection Regulation?

The General Data Protection Regulation (GDPR) is the regulation by which the European Parliament, the Council of the European Union, and the European Commission harmonize the protection of personal data for all individuals within the European Union.

The regulation primarily aims to give EU citizens control over their own personal data and to establish rules for its processing and free movement, both within and outside the EU, given the cross-border nature of digital data. More information about the regulation can be found on the website of the European Commission.


What needs to be done to comply with the regulation?

Clearly and transparently inform your website visitors about how you collect, store, and use their data.
Upon request from a user of your website, you must provide a copy of the data you have collected and processed about them in a readable form.
Grant users the right to delete, edit, and restrict the use of their data. The user has the right to send you a request for complete deletion or modification of their data.
Notify users about data breaches. Under the new rules, you are required to inform supervisory authorities and users about any violations and leaks of personal data. Such notification must be sent within 72 hours of discovering the problem.

How can you ensure that your website complies with this regulation?

  1. Create and publish a privacy policy on your website.

A privacy policy is a statement that describes how your website collects, uses, discloses, and manages data from visitors to your website. Indicate in your privacy policy what information you collect, in what way, and how you use it.

Inform users about the use of cookies on your website. To ensure the correct operation of websites on the Vigbo platform, cookies are currently used to identify the devices from which the user accesses your website, as well as cookies that enable the proper functioning of the store, especially the shopping cart.

Note on cookies used by third-party resources (Google Analytics, Facebook Custom Audiences (Facebook Pixel), email services): no analysis or data collection tools are used on your websites by default. As the owner of the website, you are responsible for informing your visitors about the services and tracking technologies through which your website receives, processes, and stores their data.

IMPORTANT: This guide is not legal advice on writing a privacy policy. We only provide some hints on the requirements of the GDPR and general data protection regulations.
You can view examples of privacy policies on relevant websites, such as seqlegal.com.

  2. Update the Terms of Use Agreement.

Add information about the processing of personal data to your contract or terms of use agreement if you use it to provide your services.

  3. Obtain the user’s consent to data processing.

Place a link to the privacy policy on all pages of your website, e.g., in the footer or under each form on the website, in the order form in the online store, in the subscription widget.

If you want to obtain “explicit consent” from your website visitors before processing their data, you can do this through a checkbox in the feedback form or the order form. If you use MailChimp or other email marketing tools, you need to add a disclaimer next to the “Subscribe” button informing your website visitors that they are subscribing to your marketing campaigns when they click the button. More information on adding a privacy policy can be found at How to Add a Privacy Policy to a Website.

To obtain explicit consent to the cookie policy, you can use pop-up notifications from third-party services, such as cookieconsent.insites.com.

If you want to receive implicit consent (“implied consent”), simply add text such as “By clicking the ‘Send’ button, you agree that your data will be processed…” to any form on your website.
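As an added example (not code from this help article or the Vigbo platform), the following JavaScript shows how explicit consent can gate the third-party trackers mentioned above: loader callbacks for Google Analytics or Facebook Pixel are held until the visitor records consent for their category, and withdrawn consent blocks further loads. The category names, the `createConsentGate` helper and the `G-PLACEHOLDER` measurement ID are assumptions, not values from the page.

```javascript
// Added example: a small consent gate that keeps third-party trackers
// (Google Analytics, Facebook Pixel, ...) from running until the visitor has
// opted in. Script injection is left to caller-supplied loader callbacks.
const OPTIONAL_CATEGORIES = ["analytics", "marketing"];

function createConsentGate() {
  // "necessary" covers cookies the site cannot work without (device
  // identification, shopping cart) and is always permitted.
  const consent = { necessary: true, analytics: false, marketing: false };
  const pending = { analytics: [], marketing: [] };

  // Run `load` now if the category is permitted; otherwise hold it until it is.
  function whenAllowed(category, load) {
    if (!Object.prototype.hasOwnProperty.call(consent, category)) {
      throw new Error(`unknown category: ${category}`);
    }
    if (consent[category]) { load(); return true; }
    pending[category].push(load);
    return false;
  }

  // Record the visitor's explicit choices (e.g. the checkboxes of a consent
  // pop-up) and flush loaders queued for newly permitted categories.
  function recordConsent(choices) {
    for (const cat of OPTIONAL_CATEGORIES) consent[cat] = Boolean(choices[cat]);
    for (const cat of OPTIONAL_CATEGORIES) {
      if (consent[cat]) pending[cat].splice(0).forEach((load) => load());
    }
    return { ...consent };
  }

  // Withdrawal blocks new loads; trackers already injected keep running until
  // the page is reloaded, so the caller should reload or disable them.
  function withdrawConsent() {
    for (const cat of OPTIONAL_CATEGORIES) consent[cat] = false;
    return { ...consent };
  }

  return { whenAllowed, recordConsent, withdrawConsent, status: () => ({ ...consent }) };
}

// Browser usage (skipped under Node): defer the Google Analytics loader until
// the analytics category is permitted. The measurement ID is a placeholder.
if (typeof document !== "undefined") {
  const gate = createConsentGate();
  gate.whenAllowed("analytics", () => {
    const s = document.createElement("script");
    s.async = true;
    s.src = "https://www.googletagmanager.com/gtag/js?id=G-PLACEHOLDER";
    document.head.appendChild(s);
  });
}
```

Wire `gate.recordConsent({ analytics: true, marketing: false })` to the pop-up's accept button and `gate.withdrawConsent()` to its revoke option; loaders for the "necessary" category run immediately.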

  4. Ensure that third-party applications on your website comply with the regulations.

According to the GDPR, you are responsible for all third-party applications hosted on your website. These applications may include tools for collecting and analyzing user data (e.g., Google Analytics, Facebook Custom Audiences (Facebook Pixel), etc.). Make sure that the apps you use are also GDPR compliant. If you are not sure, please contact these services directly for clarification.

  5. Connect an SSL certificate to your site.

To ensure that all data collected on your website is encrypted in transit and protected, enable the HTTPS protocol on your website. The process of connecting a certificate is described in detail in the manual SSL Certificate Connection.

IMPORTANT: This guide is not legal advice. To fully meet the requirements of the regulation, you may need to consult lawyers for your location and business to ensure that you fully consider all aspects and requirements set out in this legal document.