February 27, 2018 by Agnes Talalaev
What is at stake for website owners and how to make your website GDPR compliant?
It was not so many years ago when in the narrow streets of Brussels a new cyber regulation (GDPR) was boiling up. Way before the War in Ukraine, before the British Exit and DNC scandal, and many other things, a crowd of lawyers and economists, together with the representatives from all over the loosely defined terrain of Europe. They started to shape up a new regulation as of rights of the European citizens when it comes to the cyberspace.
This regulation made one of the strongest and boldest statements for quite some time: global applicability. The regulation was heading on towards one of the most contested terrain, with relevant interests spanning across individuals, companies and authorities alike. And when it comes to European regulation, interests of various member states and the Union, whether in conflict or not, can easily become to be a challenge if not just an obstacle to overcome.
First things first, this what is said here is no legal advice of any kind. This has been written for the needs of entertainment and discussion, nothing here should be used or considered in lieu of legal services or as a basis for any decision.
Remarkable as it is, the European General Data Protection Act (GDPR) made a bold reach to cover the whole world – protecting rights of EU-citizens no matter where in the cyberspace the services are delivered from. Not many legislatures have had such an ambition before. Perhaps only some legacy American legislation had the practical trust to be considered to be valid for global application.
For GDPR, the world is one. In addition to that, GDPR mandates strong penalties for data processors, wherever they are, who fail to comply. It establishes also fundamental rights for citizens when it comes to their relationship with authorities and companies within the cyberspace.
It remains to be tried in the Court of Law how various member states and their bureaucracies and businesses will adapt to this new regulation, its word and the motive. Penalties for failure to comply with the regulation and maintain adequate protections can be high.
Without spices added, the word of law can taste rather mild and flat. But, when it comes to the GDPR law, its urgency, relevance, and boldness may be unique. Perhaps not only in order to please the audience, the GDPR goes on and lays down a good set of fundamental rights and protections for people.
This could be even seen as an initial set of constraints to limit powers in the fifth domain, to avoid cyber-tyranny and cyber-fascism. Data processors, that is companies in this context, must protect and inform – and failure to do so cost money. In the optimal world of GDPR citizens had full ownership of their data, for inspection but also a final argument of being “forgotten”. The reality, however, may not be that cartoonish.
The regulation also guarantees authorities certain rights for data processing without a consent or ownership of the subject of any kind. However, in the context of business, there should not be much of a discussion who owns the data. Private and public spheres are, however, much intersecting today.
In the process of understanding GDPR the most important this is to read, learn and also communicate it to your employees so that everyone understands the severity of this regulation. To understand if you need any safety protocols in place you should review the data you collect and understand if it is in order with the requirements that GDPR will lay down.
GDPR requires a lot of changes in your website also starting from registration forms and going all the way to marketing solutions. Some changes are needed for different designs and information gathering activities on your site. For example, you can not pre-tick the opt-in box so that the user has to opt-out by themselves. Firstly it is a bad user experience for the user and secondly, it’s rude. Change those things definitely before the 25th of May, 2018.
A significant part of the website GDPR is about transparency and individuals must know how and in what way their personal data is being used. So make sure to tell your customers or users exactly why and for what do you use the collected data. Another change that will be needed is to let people choose what content they want to receive and how they want to receive it. That means also asking if you can send them information by email, text-message of a post.
If you have an e-commerce site where customers provide you with their payment data, you should be aware that you have to remove the information you have after 60 days. There is also some important information and changes for marketing and those companies that use different retargeting tools – make sure that you to tell your users that you are collecting “cookies” on your site. A lot of companies use Google Analytics to collect information about user activity, but fortunately, Google has them covered and the information you get from Google Analytics is fully anonymous. Read more here.
Last but not least – make sure your website is safe. Make sure your website has an SSL certificate and is running on updated software. If you care about your site and want it to stay secured and safe consider heavily investing in website security. The General Data Protection Regulation (GDPR) comes into effect on the 25th of May. So make sure your business is compliant by the deadline.