Does my website comply with GDPR standards?
The subject is not new: since 2018, the GDPR (General Data Protection Regulation) has “tormented” responsible companies that want to comply with the new data protection law, but there are still some doubts about how to do it, especially on their websites.
We will try to clarify exactly this: how to comply with the GDPR rules on your website, in a simple and clear way.
But first, let’s remember what GDPR means.
The General Data Protection Regulation corresponds to a legal document that covers all citizens of Europe, and is intended to regulate the protection of their personal data. Entities that collect or process the personal data of individuals are no longer able to use their personal information without their consent.
Please note that the penalty can be severe: non-compliance can result in fines ranging from 4% of revenues up to a limit of 20 million euros. Ouch!
But let’s avoid fines, shall we?
So, how to prepare a website according to GDPR standards?
There are some steps to consider, but they are easy to implement. We will detail 5 fundamental actions to comply with the GDPR on your website.
Action #2: Cookies Policy
Thus, the text to be constructed should address topics such as:
- What are Cookies
- What are Cookies for
- Types of Cookies
- What Cookies are collected on my website
- How to disable the collection of Cookies
But we don’t stop here … let’s move on to the next action.
Action #3: Cookies consent Banner
To comply with the GDPR standards, this Disclaimer must appear in a Banner format and inform the user about the collection of Cookies, but it must also make a button directly available to select the Cookies that the user wants or does not want to be collected. In addition, the types of Cookies to be collected – Necessary and Optional – must be listed with a checkbox that is not selected, by default, for Optional Cookies (Necessary Cookies are essential, so there is no option to disable their collection, other than leaving the website).
Confused? We show some examples of how this Cookies banner should be or should not be.
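The default state described above, as an added example that is not code from the original article: a small JavaScript consent model in which Necessary cookies are always on, Optional categories start unchecked, and an optional cookie is only built once its category has been accepted. The category names `analytics` and `marketing` and all function names are assumptions chosen for illustration.

```javascript
// Added example: consent state behind a cookie banner.
// Category and function names are illustrative assumptions.
const CATEGORIES = {
  necessary: { required: true },   // essential: always on, no toggle offered
  analytics: { required: false },  // optional: checkbox unchecked by default
  marketing: { required: false },  // optional: checkbox unchecked by default
};

// State the banner renders before the visitor has chosen anything.
function defaultConsent() {
  const state = {};
  for (const [name, cfg] of Object.entries(CATEGORIES)) {
    state[name] = cfg.required; // optional categories start as false
  }
  return state;
}

// Apply the visitor's checkbox choices. Only an explicit boolean true
// enables an optional category; unknown keys are ignored and necessary
// cookies cannot be switched off from here.
function applyChoices(choices) {
  const state = defaultConsent();
  for (const [name, cfg] of Object.entries(CATEGORIES)) {
    if (!cfg.required && choices[name] === true) state[name] = true;
  }
  // Record when the decision was made, so it can be shown or re-requested.
  return { ...state, decidedAt: new Date().toISOString() };
}

// Gate: return a cookie string only if its category was consented to.
function cookieIfAllowed(consent, category, name, value) {
  const known = Object.prototype.hasOwnProperty.call(CATEGORIES, category);
  if (!known || consent[category] !== true) return null; // deny by default
  return `${encodeURIComponent(name)}=${encodeURIComponent(value)}; Path=/; SameSite=Lax; Secure`;
}
```

Every script that sets an optional cookie calls `cookieIfAllowed` first, so nothing optional is stored while the banner is still in its default state.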
Action #4: Data processing information in each data collection action
Contact forms, newsletter subscriptions, registrations for a private area, registrations for online purchases: in short, every feature of a website that requests a user’s personal data should now have its own separate consent Disclaimer, to inform the user and request their acceptance.
Action #5: Information on any changes to the Privacy and / or Cookies Policies
Finally, it should also be clear how visitors or users of your website may be informed about possible updates to the policies in force on the website. This information can be provided via email or simply recorded by updating the content published online, always with the identification of the date of the last update.
It wasn’t that hard to comply with the GDPR on your website, was it?
Header photo credits: Tim Mossholder on Unsplash