The General Data Protection Regulation (GDPR) is the EU law that governs how organisations process the personal data of individuals, including the visitors of your website. Since 25 May 2018 there is no way around it: your organisation and your website have to be GDPR compliant.
The privacy and security of your website's visitors are very important. The law protects the privacy-sensitive information that organisations collect, which is good for our privacy and personal data but means changes and extra work for businesses and organisations. The law demands effort and preparation from every organisation that processes personal data, including self-employed people and SMEs.
Under GDPR an organisation may only process personal data (and pseudonymised data, which still counts as personal data) on a valid legal basis and for specified, explicit and legitimate purposes. For tracking cookies and for using personal data to send marketing emails, that basis is normally the explicit, prior consent of the person concerned: without it, they are not allowed. What else is off-limits? And what does this mean for your website? Ask for our GDPR website scan and we will help you make your website GDPR compliant. You will receive extensive advice that you can use to get started.
Do you collect personal data through your website? Then an SSL/TLS certificate, recognisable by the lock in the browser's address bar, is a must: GDPR requires appropriate security measures for personal data, and encrypting the connection between you and your visitors is the baseline. TLS does two things. It provides authentication, so your visitors can be sure they are connected to your website and not to an impostor (note that the lock only says the connection is authentic, not that the site behind it is trustworthy). And it provides encryption, so a third party on the network cannot read the information a visitor sends to you.
We check your website for third-party integrations (tools and plugins you use). If an integration transfers personal data to that party, we advise you to sign a data processing agreement with them. Examples include Google Analytics, MailChimp, Gravity Forms, LiveChat, HubSpot and Hotjar.
We advise you on improvements to your privacy statement. Your privacy statement has to tell users clearly how and why you collect personal data. The following things have to be made clear: which data you collect, what you use it for, how it is processed, how people can view the data you hold about them and how they can object to the processing.
It does not matter which cookies you use, as long as you ask for permission before setting them. The exceptions are functional cookies and analytical cookies whose data is anonymised, which may be set without consent. Consent has to be given per category of cookies (for example analytics and marketing separately), has to be an active choice by the visitor rather than a pre-ticked box, and has to be recorded.
Google Analytics has one purpose: collecting information about your visitors so that you can use its reports and data to gauge the success of your website. If you use Analytics, you are required to accept Google's data processing terms; these are offered by default in your Analytics account settings. You also have to take measures for the cookies that Analytics places, such as anonymising visitor IP addresses or asking for consent before Analytics loads.
Regarding forms on your website: ask for consent and make sure the submitted data is sent encrypted over HTTPS. Do not ask for more information than is necessary for the purpose of the processing. You also have to record who gave consent, what they consented to and when they did so. How? We help you make your forms GDPR compliant.
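The two requirements above, consent per cookie category and a record of who consented to what and when, are easiest to get right when the logic is separated from the banner itself. The following is an added example, not code from the original page or from the scan service it describes: plain consent logic with no DOM so it runs under Node. The cookie categories, the script inventory names and the `subjectId` parameter are assumptions made for the example; in a real deployment the consent record would be stored server-side over the encrypted connection the page asks for.

```javascript
// Added example (not the page's code): category-based cookie consent gating
// and a "who, what, when" consent record.

// Cookie categories assumed for this example. Strictly necessary cookies
// need no consent; everything else is only set once the visitor opts in.
const CATEGORIES = ["necessary", "analytics", "marketing"];

// Constructed inventory of the scripts/cookies a site might use, keyed by
// category. The names are invented for the example.
const SCRIPT_INVENTORY = [
  { name: "session-cookie", category: "necessary" },
  { name: "analytics-tag", category: "analytics" },
  { name: "ad-pixel", category: "marketing" },
  { name: "chat-widget", category: "marketing" },
];

// Default state before the visitor has chosen anything: nothing beyond
// strictly necessary is allowed. Pre-ticked boxes are not valid consent,
// so every optional category starts as false.
function defaultConsent() {
  return { necessary: true, analytics: false, marketing: false };
}

// Merge the visitor's choices into the consent state. Unknown categories are
// rejected, "necessary" cannot be switched off, and only an explicit `true`
// counts as granting a category.
function updateConsent(current, choices) {
  const next = { ...current, necessary: true };
  for (const [category, granted] of Object.entries(choices)) {
    if (!CATEGORIES.includes(category)) {
      throw new Error(`unknown cookie category: ${category}`);
    }
    if (category === "necessary") continue;
    next[category] = granted === true;
  }
  return next;
}

// Names of the inventory entries that may be loaded under the given consent.
// Everything not returned here must not set cookies or contact a third party.
function permittedScripts(consent, inventory = SCRIPT_INVENTORY) {
  return inventory
    .filter((entry) => consent[entry.category] === true)
    .map((entry) => entry.name);
}

// Build the consent record: who (subjectId, e.g. an account id or the
// pseudonymous id stored with the consent cookie), what (the exact categories
// granted and the version of the cookie/privacy statement shown), and when.
function buildConsentRecord(subjectId, consent, policyVersion, now = new Date()) {
  return {
    subject: subjectId,
    granted: CATEGORIES.filter((category) => consent[category] === true),
    policyVersion,
    recordedAt: now.toISOString(),
  };
}

// Small demonstration with a fixed timestamp so the output is reproducible.
const demoConsent = updateConsent(defaultConsent(), { analytics: true });
console.log(permittedScripts(demoConsent));
console.log(
  buildConsentRecord("visitor-42", demoConsent, "2018-05-25", new Date("2024-01-02T03:04:05Z"))
);
```

The important design choice is that `permittedScripts` is the only path by which a tag gets loaded: the banner only ever produces a consent object, and the record is written at the same moment the choice is applied, so the stored "who, what, when" always matches what actually ran in the visitor's browser.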