The much-talked-about GDPR is here and with it all the changes and adaptations that those of us who have websites and collect personal data from users who browse them have to carry out.
Is your website adapted to the new regulations? Do you want to avoid the huge fines that come with being outside the law?
What is the GDPR?
GDPR is the acronym for the General Data Protection Regulation, the new data protection regulations that came into force on May 25, 2016, approved by the European Union.
The aim behind this new regulation is to regulate and further protect the use that users, companies and institutions make of personal data, so that the owners of that data have more control over it.
Anyone collecting and storing personal data will therefore have to comply with a series of very specific new requirements.
Anyone who collects and stores personal data will have to comply with the new GDPR
Two years after its entry into force, that is, on May 25, 2018, compliance with this new regulation becomes strictly mandatory and will replace current legislation on data protection.
The new GDPR is common to the entire European Union, so if you or your business is located in this territory or manages data of European citizens, you must adapt to the new law, without exceptions. Otherwise, the fines you could face are in the millions.
Why and how does the new GDPR affect you?
Do you have a blog and use a form to capture subscribers? Do you sell your products and services through an e-commerce site? Do you allow users who visit your site to leave a comment or contact you? Be careful!
Any form that appears on your website, regardless of its type, in which you collect personal information from your users, will have to be adapted in such a way that it complies with the new General Data Protection Regulation.
In the case of non-commercial websites or blogs that do not generate income, the most common ways of collecting personal data that you should adapt are:
Contact forms
The post comment boxes
Newsletter subscription forms
In the case of commercial websites or those that generate direct or indirect income, things get a little more complicated since it will be necessary to comply with the LSSI-CE. In addition, in these cases, we can find more complex forms or payment mechanisms to acquire or contract products or services that require additional contracting conditions and a legal notice.
In any case, remember that whenever you collect personal information on your website/blog, whether you generate income or not, you must comply with the GDPR. Therefore, below I summarize the requirements you must meet and the steps to follow to legitimize your website in light of the new Data Protection Regulation. Take note!
How to adapt your website to the GDPR
In short, for your website or blog to comply with this new regulation, you must:
Clearly and explicitly provide all information about the collection and use of the personal data you collect.
Enable a mandatory checkbox for users to give their explicit consent to that treatment and their acceptance of your new privacy policies.
Collect and store that explicit consent.
But, in addition, the information you provide must be presented in 2 layers as follows:
1. First layer: In which a summary of the most important points regarding the processing of the information provided by the user is included.
2. Second layer: In which the information presented in the first layer is completed and extended.
Now, where the crux of the matter really lies and where all the modifications we will have to make are focused is around what information to put in each layer and where to include each of them. Below I summarize it in 3 simple points:
First layer: Privacy Overview, Legal Notice and Cookies
What should be on the first layer?
In this first layer we must include a summary of the information about who will be responsible for the data collected and for what purpose they will use it (newsletter, updates, commercial use, etc.).
If this data is transferred to third parties, it will be necessary to indicate this and, if there is a DPO (Data Protection Officer) in charge of managing it, their information and contact details must also appear.
In addition, we will have to inform the user about the rights they have to access, modify or delete the data they have provided and add a link to a second layer containing all the complete and detailed information on the Privacy Policy, Cookies Law and Legal Notice (in the case of commercial websites) that must be hosted on our website.
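The requirements above (a complete first layer, a mandatory checkbox, and stored consent) can be enforced on the server when a form is submitted. The following is an added example, not code from the original article; the field names and the sample data are assumptions made for illustration.

```javascript
// Added example. Field names (consent, policyVersion, secondLayerUrl, ...) are
// assumptions for this sketch, not terms defined by the GDPR or by the article.

// First-layer items the article lists: who is responsible, the purpose,
// the user's rights, and a link to the second layer.
const ALWAYS_REQUIRED = ["controller", "purpose", "rights", "secondLayerUrl"];

// Returns the first-layer items that are missing from a notice definition.
function missingFirstLayerItems(notice) {
  const isEmpty = (v) => v === undefined || v === null || String(v).trim() === "";
  const missing = ALWAYS_REQUIRED.filter((key) => isEmpty(notice[key]));
  // Conditional items: only required when they apply.
  if (notice.transfersToThirdParties && isEmpty(notice.thirdParties)) missing.push("thirdParties");
  if (notice.hasDpo && isEmpty(notice.dpoContact)) missing.push("dpoContact");
  return missing;
}

// Validates one submission server-side and returns the consent record to store.
// The browser checkbox can be bypassed, so the check is repeated here.
function recordConsent(form, notice, now = new Date()) {
  const missing = missingFirstLayerItems(notice);
  if (missing.length > 0) {
    throw new Error("first layer incomplete: " + missing.join(", "));
  }
  // Accept only an explicit tick: true, or "on" as sent by an HTML checkbox.
  if (form.consent !== true && form.consent !== "on") {
    throw new Error("explicit consent not given");
  }
  return {
    subject: String(form.email).trim().toLowerCase(),
    purpose: notice.purpose,
    policyVersion: notice.policyVersion, // which policy text the user accepted
    consentedAt: now.toISOString(),
  };
}

// Constructed sample data.
const sampleNotice = {
  controller: "Example Blog S.L.", purpose: "newsletter",
  rights: "access, modify or delete your data", secondLayerUrl: "/privacy-policy",
  transfersToThirdParties: true, thirdParties: "email delivery provider",
  hasDpo: false, policyVersion: "2018-05-25",
};
const sampleForm = { email: " Reader@Example.com ", consent: "on" };
console.log(recordConsent(sampleForm, sampleNotice, new Date("2018-05-25T10:00:00Z")));
```

The returned record is what would be written to storage; keeping the policy version alongside the timestamp shows which text the user accepted.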