Since the spring of 2018, many online businesses and marketers have been fretting over words such as 'personal data', 'Regulation' and 'data protection'. If you have an email address, or use any application or service that requires a sign-in, you have probably noticed an unusually large number of emails (some would call them spam) inviting you to resubscribe or to confirm how your personal data may be used.
If you have, don't worry. Welcome to the post-GDPR web.
From May 2018, many online businesses went into a frenzy because of the European Regulation that protects the personal data of people in the EU even when the business processing it sits outside the EU. The regulation is intended to prevent and punish unlawful processing of personal data, and online businesses are squarely within its reach.
Since we are not legal experts, and probably neither are you, you may not have the slightest idea how to align your business with this regulation. Educating yourself is the first step, so here we try to cover just a few important things you need to pay attention to. The regulation was written in legal language rather than for ordinary business folks, so our intention is to make it as understandable and down-to-earth as we can.
Note: This article does not constitute legal advice. Please refer to an expert in EU law about anything you find confusing, and read as much about the regulation from relevant sources as you can.
How To Survive the General Data Protection Regulation
In the context of websites and online businesses, GDPR means legal protection of the personal data of people in the European Union, no matter where your online business is located. If you use Google Analytics, Facebook Pixel or any other script that processes personal data, stores it or sends it to a third party (an IP address or a tracking identifier already counts as personal data), here are some of the things you need to make compliant.
1. SSL
Transport security is the first item on this list. If your website still serves pages over plain HTTP, implement an SSL certificate, or more precisely a TLS certificate: TLS is the current version of the protocol and SSL itself is obsolete. HTTPS has been a Google ranking signal since 2014 and Chrome now labels plain-HTTP pages as "Not secure", so it also signals to visitors that you take their data seriously. Be clear about what it does and does not do: HTTPS protects data in transit between the visitor's browser and your server; it does not by itself protect you against attacks on the application or the server, and it does nothing for data once it is stored.
Technically speaking, TLS encrypts and authenticates the traffic between the visitor's browser and your web server, which is why HTTPS matters most wherever personal data crosses the wire: login forms, contact forms and, above all, web shops with online payment. GDPR itself names encryption as one of the measures to consider when securing personal data (Article 32), so transport encryption is a baseline, not a bonus. Make sure every page redirects to HTTPS, that browsers are told to skip the insecure first request next time (HSTS), and that cookies carrying session or consent state are marked Secure so they are never sent in clear.
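The request-handling rules behind "implement SSL", as an added example that is not from the original article: redirect plain-HTTP page loads to HTTPS, refuse rather than redirect a plain-HTTP POST (its form data has already travelled in clear), send HSTS on every HTTPS response, and set Secure/HttpOnly on cookies. The functions work on a plain request description, so they run without a server or certificate; the host name, cookie name and the one-year HSTS lifetime are assumptions.

```javascript
// Added example (not the article's code): pure functions over a request description
// { encrypted, method, url, headers }. Wire them into Node's http/https modules or a
// framework of your choice. The host and cookie names below are made up.

const HSTS_MAX_AGE = 31536000; // one year, in seconds (assumed value)

// Decide whether a request arrived over TLS. Behind a reverse proxy the app sees plain
// HTTP, so honour X-Forwarded-Proto, but only when the proxy is known to set it; never
// trust that header from a client that reached the app directly.
function isSecureRequest(req, { trustProxy = false } = {}) {
  if (req.encrypted) return true;
  const fwd = req.headers['x-forwarded-proto'];
  if (trustProxy && typeof fwd === 'string') {
    return fwd.split(',')[0].trim().toLowerCase() === 'https';
  }
  return false;
}

// Response for a request that came in without TLS. GET/HEAD get a permanent redirect
// to the same URL on https://. Anything else (a POST with form data) has already sent
// its body in clear; redirecting would only resend it, so refuse and fix the form action.
function plainHttpResponse(req) {
  if (req.method === 'GET' || req.method === 'HEAD') {
    const host = req.headers.host || 'example.com';
    return { status: 301, headers: { Location: `https://${host}${req.url}` }, body: '' };
  }
  return { status: 403, headers: { 'Content-Type': 'text/plain' }, body: 'Use HTTPS' };
}

// Headers every HTTPS response should carry. HSTS makes the browser go straight to
// HTTPS next time, closing the window the 301 alone leaves open on the first request.
function secureResponseHeaders() {
  return { 'Strict-Transport-Security': `max-age=${HSTS_MAX_AGE}; includeSubDomains` };
}

// Set-Cookie value for a session or consent cookie: never sent over plain HTTP (Secure)
// and, unless the page's own scripts need it, unreadable from JavaScript (HttpOnly).
function secureCookie(name, value, { maxAge = HSTS_MAX_AGE, httpOnly = true } = {}) {
  const attrs = [`${name}=${encodeURIComponent(value)}`, `Max-Age=${maxAge}`, 'Path=/', 'Secure', 'SameSite=Lax'];
  if (httpOnly) attrs.push('HttpOnly');
  return attrs.join('; ');
}

// Combine the rules: returns what should be sent for a given request.
function handle(req, opts) {
  if (!isSecureRequest(req, opts)) return plainHttpResponse(req);
  return {
    status: 200,
    headers: { ...secureResponseHeaders(), 'Set-Cookie': secureCookie('session', 'abc123') }, // sample cookie
    body: 'ok',
  };
}

// Constructed sample request: a plain-HTTP page load behind no proxy.
console.log(handle({ encrypted: false, method: 'GET', url: '/account', headers: { host: 'shop.example' } }));
```

The `trustProxy` switch matters in practice: if the app honours X-Forwarded-Proto from anyone, a client can claim "https" and skip the redirect, so enable it only when a trusted proxy terminates TLS in front of the app and strips that header from incoming requests.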
2. Cookie consent
Consent is the keyword of GDPR, but it is a demanding basis to rely on: it must be freely given, specific, informed and unambiguous, users can withdraw it at any time (and withdrawing must be as easy as giving it), and they can lodge a complaint with a supervisory authority or go to court if their data is misused.
To show users that you take this seriously, first draw up Privacy Policy, Cookie Policy and Terms of Use documents in cooperation with your legal advisor or an expert in EU law. The next step is a banner or pop-up driven by a cookie consent management script. What many websites have not figured out yet is that a banner with a single ACCEPT button still leaves you exposed: there must be a real choice whether any of the data is used or processed by you or by a third-party product, non-essential cookies and tracking scripts must not run before the user has agreed, and the user must be able to change their mind later. The best option is therefore a script that lets the user manage cookie preferences per category, loads third-party tags only for the categories they have accepted, records what they consented to and when, and then lets them continue browsing your website.
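The core of such a consent script, as an added example that is not from the original article: per-category choices with no pre-ticked defaults, third-party tags held back until their category is accepted, a stored record with a policy version and timestamp, and withdrawal. The banner markup, script injection and `document.cookie` access are passed in as callbacks so the logic runs in Node as well as in a browser; the category names, cookie name, policy version and tag URLs are assumptions.

```javascript
// Added example (not the article's code): consent logic with storage and tag loading
// injected, so it runs offline. Category names, cookie name and version are assumed.

const CONSENT_COOKIE = 'cookie_consent';
const POLICY_VERSION = 2;                       // bump when the cookie policy changes
const CATEGORIES = ['analytics', 'marketing'];  // 'necessary' needs no consent

class ConsentManager {
  // storage: { read(name) -> string|null, write(name, value, maxAgeSeconds), remove(name) }
  // loader: called as loader(tag) when a registered tag is allowed to run
  constructor(storage, loader, now = () => Date.now()) {
    this.storage = storage;
    this.loader = loader;
    this.now = now;
    this.pending = [];          // tags registered before consent exists
    this.record = this.load();  // null until the user has made a choice
  }

  // A malformed record, or one given under an older policy version, counts as no
  // consent: the safe default is to load nothing.
  load() {
    const raw = this.storage.read(CONSENT_COOKIE);
    if (!raw) return null;
    try {
      const rec = JSON.parse(decodeURIComponent(raw));
      if (rec.version !== POLICY_VERSION || typeof rec.choices !== 'object') return null;
      return rec;
    } catch (e) {
      return null;
    }
  }

  hasDecided() { return this.record !== null; }

  // Necessary cookies are always allowed; anything else only with an explicit true.
  allows(category) {
    if (category === 'necessary') return true;
    return Boolean(this.record && this.record.choices[category] === true);
  }

  // Save the user's choice. Categories not explicitly ticked are stored as false, and
  // the timestamp is your record of consent if a user or authority ever asks.
  grant(choices) {
    const clean = {};
    for (const c of CATEGORIES) clean[c] = choices[c] === true;
    this.record = { version: POLICY_VERSION, choices: clean, at: this.now() };
    this.storage.write(CONSENT_COOKIE, encodeURIComponent(JSON.stringify(this.record)), 180 * 24 * 3600);
    this.flush();
    return this.record;
  }

  // Withdrawal drops the record so no further tags load. Data already sent to a third
  // party cannot be recalled from here; that goes through the provider's own process.
  withdraw() {
    this.record = null;
    this.storage.remove(CONSENT_COOKIE);
  }

  // Register a third-party tag under a category: run now if allowed, else hold it.
  register(category, tag) {
    if (this.allows(category)) { this.loader(tag); return true; }
    this.pending.push({ category, tag });
    return false;
  }

  // Run every held tag whose category is now accepted; keep the rest waiting.
  flush() {
    const still = [];
    for (const p of this.pending) {
      if (this.allows(p.category)) this.loader(p.tag); else still.push(p);
    }
    this.pending = still;
  }
}

// In-memory stand-in for document.cookie so the walk-through runs without a browser.
function memoryStorage() {
  const store = new Map();
  return {
    read: (n) => (store.has(n) ? store.get(n) : null),
    write: (n, v) => store.set(n, v),
    remove: (n) => store.delete(n),
  };
}

// Constructed walk-through: two tags registered before any decision, consent to
// analytics only, a second visit reading the same cookie, then withdrawal.
function demo() {
  const loaded = [];
  const storage = memoryStorage();
  const cm = new ConsentManager(storage, (tag) => loaded.push(tag));
  cm.register('analytics', 'https://www.google-analytics.com/analytics.js');
  cm.register('marketing', 'https://connect.facebook.net/en_US/fbevents.js');
  cm.grant({ analytics: true });                            // marketing left unset, stored as false
  const afterGrant = loaded.slice();                        // only the analytics tag ran
  const persisted = new ConsentManager(storage, () => {}).allows('analytics'); // next visit
  cm.withdraw();
  return { afterGrant, persisted, afterWithdraw: cm.allows('analytics'), stillPending: cm.pending.length };
}
console.log(demo());
```

In a real page the `loader` callback appends a `<script src=...>` element and `storage` wraps `document.cookie` with the Secure attribute set; keeping them outside the class is what makes the policy itself testable. The version check is the detail most banners miss: when the cookie policy changes, consent given under the old one should not silently carry over.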
3. WordPress
If your website runs on the most popular CMS in the world, you have a head start: WordPress 4.9.6 (May 2018) added built-in privacy tools, namely a Privacy Policy page template and handling of personal data export and erasure requests, and free GDPR compliance plugins build on this with cookie consent management, records of consent and more. Remember, though, that a plugin covers only what it knows about: themes and other plugins that embed third-party scripts (fonts, maps, analytics, social buttons) still have to be inventoried and put under the same consent control.
There you have it: the three most important elements to help you survive in the post-GDPR world (wide web). We must remind you again that this is not legal advice, only an observation of good practice and some common sense.