How to adapt the website to GDPR
It is not far-fetched to say that May 25, 2018 should be considered the “Y2K” day of data processing.
In fact, on that date the new European General Data Protection Regulation (GDPR) came into force.
The GDPR takes concrete form with Legislative Decree No. 101 of August 10, 2018, which sets September 19 as the final effective date of the measure.
The Official Gazette of September 4, 2018 published Legislative Decree No. 101 of August 10, 2018: Provisions for the adaptation of national legislation to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
It applies to all types of enterprises that offer services or products to people and are located in the territory of the European Union.
As far as websites are concerned, the new regulations focus attention on the visitor’s consent to the processing of their data and on the clarity of the information about it provided on the Privacy and Cookie Policy pages.
It is necessary to analyze and review whether and how you store and possibly process sensitive (and non-sensitive) user data, and to report the details of this analysis comprehensively on a dedicated page (Privacy Policy).
The other issue, however, is related to Cookies and thus the processing of this data.
Cookies
Cookies are lines of text contained in small files that websites send to the browser used for browsing; they allow the site to function or to profile the user.
It is necessary at this point to briefly analyze the three main categories of cookies:
- Technical cookies are those used for the sole purpose of delivering the service in the best way. Think, for example, of the cookie that saves the session and keeps you logged in to a site.
- Profiling cookies are those released in order to send advertising messages related to user preferences. Think, for example, of when we perform a certain search on a website and later, thanks to the cookie that stored this information, we are shown banner ads related to that search.
- Third-party cookies are those installed by a party other than the site operator. Examples are social buttons or Google Analytics statistics.
How to adjust your website
Under the new legislation, consent provided by users of a website must be informed and explicit.
Visitors, therefore, must have the opportunity to consult a clear and explicit Privacy Policy regarding what data is collected and stored, by whom, and for how long, and at the same time confirm or deny that they want to give consent.
Regarding cookies, each website must display a window for requesting consent to their installation and a link to the detail page.
Detail of the operations to be performed on your website
Privacy Policy
The Privacy Policy must contain all the information about the types of data collected, the manner and place of data processing, the data controller, the purposes, and details about the individual services used by the site with indications about the purpose and method of deletion.
The link to the Privacy Policy page must be prominently displayed.
It is therefore advisable to place it in the footer of the site.
In addition, it must be included in every contact form, before the consent choice.
Cookie Bar and Cookie Policy
A visitor accessing the site must be shown a window asking for consent to the installation of non-technical cookies.
Until the user chooses, these cookies should be blocked and activated only once the user consents to their installation.
The window should also show a link to the Cookie Policy page with details of the cookies installed, directions for giving or denying consent, a link to the Privacy Policy, and instructions on how to disable third-party cookies.
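One way to implement the blocking described above, as an added example that is not part of the original article: non-technical scripts are shipped inert and only activated for the categories the visitor has accepted. The cookie name, the `data-consent` attribute convention and the 180-day retention are assumptions.

```javascript
// Added example, not code from the original article: a consent gate that keeps
// profiling and third-party scripts inert until the visitor opts in.
// Assumed convention: such scripts ship as <script type="text/plain"
// data-consent="profiling" src="..."> so the browser does not execute them.

const CONSENT_COOKIE = "cookie_consent";            // assumed cookie name
const CATEGORIES = ["profiling", "thirdparty"];     // non-technical categories
const CONSENT_MAX_AGE = 60 * 60 * 24 * 180;          // re-ask after 180 days (assumed)

// Read consent from a document.cookie-style string. Missing cookie, unknown
// category or malformed flag all count as "no consent" (fail closed).
function parseConsent(cookieHeader) {
  const consent = Object.fromEntries(CATEGORIES.map((c) => [c, false]));
  if (typeof cookieHeader !== "string") return consent;
  const pair = cookieHeader.split(";").map((s) => s.trim())
    .find((s) => s.startsWith(CONSENT_COOKIE + "="));
  if (!pair) return consent;
  for (const part of decodeURIComponent(pair.slice(CONSENT_COOKIE.length + 1)).split("&")) {
    const [key, flag] = part.split("=");
    if (CATEGORIES.includes(key)) consent[key] = flag === "1";
  }
  return consent;
}

function serializeConsent(consent) {
  return CATEGORIES.map((c) => `${c}=${consent[c] ? 1 : 0}`).join("&");
}

// Technical scripts always run; every other category needs an explicit true.
function allowedScripts(scripts, consent) {
  return scripts.filter((s) => s.category === "technical" || consent[s.category] === true);
}

// Browser side: store the choice and re-create the allowed <script> tags so the
// browser executes them. Returns how many scripts were activated (0 under Node).
function applyConsent(consent) {
  if (typeof document === "undefined") return 0;
  document.cookie = `${CONSENT_COOKIE}=${encodeURIComponent(serializeConsent(consent))}` +
    `; path=/; max-age=${CONSENT_MAX_AGE}; SameSite=Lax`;
  const blocked = Array.from(document.querySelectorAll('script[type="text/plain"][data-consent]'))
    .map((el) => ({ category: el.dataset.consent, el }));
  let activated = 0;
  for (const { el } of allowedScripts(blocked, consent)) {
    const live = document.createElement("script");
    if (el.src) live.src = el.src; else live.textContent = el.textContent;
    el.replaceWith(live);          // swap the inert tag for a live one
    activated += 1;
  }
  return activated;
}
```

Wire `applyConsent(parseConsent(document.cookie))` to page load and `applyConsent({...})` to the cookie bar's buttons; a script in a category the visitor never accepted stays as `text/plain` and never runs.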
Contact forms, request for services, posting comments/reviews
All forms on the website must include a requirement to consent to the use of data for the purposes set forth in the form.
Layered consent must be prepared for any other use, allowing the user to express or withhold consent for any other type of purpose.
Forms that involve emailing the site operator must send the user a copy of the data entered (courtesy mail).
Newsletter
Newsletter registration forms must also include “layered” consent to data processing.
Each submission must allow the user to manage their enrollment and the consent given.
Ecommerce
The data used by the user to register their account on the online store and those related to shipping and billing involve the same measures as described above.
In addition, online stores must provide a system to manage data portability and give the user the option to request deletion (right to be forgotten).
If you are interested in learning more and would like to be supported in adapting your website to GDPR regulations, please contact Neikos Digital Agency.