The EU is taking privacy seriously, with the GDPR (General Data Protection Regulation) coming into force on May 25th 2018. This has the potential to affect Australian businesses that offer goods and services in the EU, or that collect the personal data of individuals in the EU. The regulation follows an overhaul of the existing rules so that the laws governing personal data are in line with the privacy rights of EU citizens.
The idea behind the GDPR is to drive a data protection reform across Europe that is ‘fit for the digital age’. And rightfully so, with our world continually moving towards a completely digital era where information is transferred across digital networks and everyday tasks are digitised to make life easier for the modern individual.
You may be wondering “If this is an EU law, then how does it affect me?”. While not all businesses will be affected by the change, if your business attracts visitors from the EU then you may need to comply with the new regulations.
GDPR for Website Owners
There are six main ways in which the GDPR will affect website owners:
How you collect data via online forms
Online forms, even a simple Contact form, collect private data such as name and email. A condition of GDPR is that you must gain a user’s consent whenever gathering data. This must be explicit consent: it must be opt-in (rather than a pre-ticked checkbox), it must be separate from any other terms and conditions, and it must make clear why you want the data and what you are going to do with it.
How you collect analytics data
Google Analytics is implementing its own compliance, as you may have seen in its recent email outlining the changes. For the most part this won’t affect your site, but the change will allow you to manage your data retention settings.
As for third party analytics in your website backend, check to ensure that plugins you use to analyse data are also compliant.
What you do with that data/Where the data is stored
How you communicate with your customers and contacts
This is where email marketing plays a role. You MUST ensure that any marketing emails sent from your email client have been consented to by the end user. This means conducting an audit of your forms to ensure that there is a clear opt-in, and an audit of your mailing client to ensure there is a clear opt-out.
The code you use – plugins and themes.
WordPress plugin developers have more than likely jumped on GDPR compliance and made the required updates to their plugins. However, we recommend that you review the plugins you use to make sure they are updated and compliant. We can help you with these tasks as part of our monthly website support packages.
Regulations around Cookies
A cookie is a tiny file that is stored on your computer. It contains the address of a website and code that your browser sends back to the website each time you visit a page there. Cookies don’t usually contain personal information or anything dangerous; they’re basically a way for the Internet to enhance your user experience.
The EU now considers cookies to be a form of personal data, so you will be required to ask for consent before setting cookies that track the user.
Wondering how this consent request can be implemented? Depending on your website platform the solution may be as simple as a plugin or a small snippet of code that can be added into your website. Ask us how we can help.
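As an added illustration (not code from the original article), the snippet below shows the logic such a consent gate needs: optional cookie categories default to off, nothing outside the essential category is set until the user explicitly opts in, consent is recorded with a timestamp and policy version, and it can be withdrawn. The category and cookie names are constructed examples.

```javascript
// Added example: a minimal consent gate for non-essential cookies.
// Essential cookies (e.g. a session cookie) need no consent; analytics and
// marketing cookies may only be set after an explicit, recorded opt-in.
const POLICY_VERSION = 2; // bump when the cookie policy changes

const COOKIE_CATEGORIES = {
  essential: { requiresConsent: false },
  analytics: { requiresConsent: true },
  marketing: { requiresConsent: true },
};

// Default state: every optional category is OFF (no pre-ticked boxes).
function defaultConsent() {
  return { version: POLICY_VERSION, recordedAt: null, analytics: false, marketing: false };
}

// Only a deliberate user action switches a category on. The record keeps the
// time and policy version so you can show when and to what the user agreed.
function recordConsent(prev, choices, now = new Date()) {
  const next = { ...prev, version: POLICY_VERSION, recordedAt: now.toISOString() };
  for (const cat of Object.keys(choices)) {
    const def = COOKIE_CATEGORIES[cat];
    if (!def || !def.requiresConsent) continue; // essential/unknown: not a choice
    next[cat] = choices[cat] === true;           // anything but true means "no"
  }
  return next;
}

// Withdrawing consent is as simple as giving it: reset every optional category.
function withdrawConsent(prev, now = new Date()) {
  return recordConsent(prev, { analytics: false, marketing: false }, now);
}

function mayUseCookie(consent, category) {
  const def = COOKIE_CATEGORIES[category];
  if (!def) return false;                        // unknown category: never set it
  if (!def.requiresConsent) return true;
  if (consent.version !== POLICY_VERSION) return false; // stale consent: ask again
  return consent[category] === true;
}

// Filter the cookies a page wants to set down to those currently permitted.
function allowedCookies(consent, cookies) {
  return cookies.filter((c) => mayUseCookie(consent, c.category));
}

// Constructed sample of cookies a typical site might set.
const SAMPLE_COOKIES = [
  { name: 'session_id', category: 'essential' },
  { name: 'site_analytics', category: 'analytics' },
  { name: 'ad_tracker', category: 'marketing' },
];
```

In a real page, `allowedCookies` would run before any analytics or advertising script is loaded, and the consent record would be persisted (itself in an essential cookie or local storage).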
Securing your Website
Any website that collects data is responsible for how that data is stored. This is often left to hosting providers, and there has been a recent push to ensure that all websites that collect personal information are secured via SSL encryption (HTTPS).
Google has already started to notify users of site security through notifications like the one below:
If you would like any further information about the GDPR you can read up on this website.