If you own a website, or want to set up an online store or a presentation site, you are definitely collecting personal data from customers in the EU. Whether you gather names and email addresses so you can send a monthly or weekly newsletter, take payment card details on the online store, or use cookies to better understand the behaviour of visitors, all of these activities count as collecting personal data.
For whatever reason, area of practice or purpose, you are subject to the EU General Data Protection Regulation (GDPR), a law designed to secure the data of EU residents and defend their rights to data protection.
In force since May 25, 2018, the law has previously requested all websites to use GDPR implementation services. And, even if that period could be postponed, it is now mandatory for any online entity that collects personal data. To be sure that you are ready to implement GDPR for the website, you need to consider a few important things:
In essence, the GDPR says there is less chance of data being used for the wrong purposes if less of it is collected. At present, it is strictly forbidden to collect personal data at random and in waves, to create a database and use it for your own purposes or, worse, given the conditions under the law, to sell it. Instead, you need to have a well-crafted plan for how you intend to use people’s data and justify that use with legal arguments.
Currently, consent is the most common legal reason, but the GDPR tightens the rules for obtaining and retaining it, so organizations should only use it if no other reasons apply. There are detailed rules for asking for consent, which vary depending on what type of information you want and from whom you want it. Sensitive personal data requires explicit consent and there are separate requirements for obtaining consent from children.
After you have formed a clear picture of the data collected and why you do it, you must inform the data subjects through the privacy policy.
Policies should be written in clear language, explaining how data is collected, where it is stored, for how long it is stored – because the GDPR states that you can only hold it for a definite period – and what rights people have to give approval themselves.
These rights include:
Cookies are subject to GDPR only if they concern personal data. Many cookies fall into this category, such as those used for analytics, advertising and other services.
You must consider all cookies that contain personal data and state whether there is a legitimate and specific reason for using them. If there is a reason, then your website should clarify this.
Any company must have written evidence to justify data collection practices. In the event of an infringement, an investigation is conducted in which the requirements of the regulation are analysed.