GDPR for online collected data
Key concepts:
What is GDPR
Who needs to follow it and how
Starting with 2018, the EU decided to take a step further and protect the data of their online users, that means that whatever data is collected and/or used through the online environment can be deleted if requested so.
A general usage that all websites should have are the cookies (analytics and statistics) and registration forms (database of our users). GDPR or General Data Protection Regulation is the EU norm that regulates the privacy to obtain, store and use personal data in the digital world. This law is valid for both EU based entities and those outside of EU, but that use data of EU users.
The main objectives of this norm are:
Guarantee the transparency of data usage (who collects it, what data, with what purposes);
Ensure the user knows how you process the data and agrees you to do so;
Guarantee the possibility to delete all the collected data, if requested specifically by the user.
The information of the user must be clear and accessible to them, and have specified why you collect it and what you do with it. The consent is obtained through a pop-up, most likely, where to announce the collection, while it also gives the possibility to access rapidly a link to more information about their usage.
There is more to research on the topic and so we invite you to do so in accordance with what you need specifically for your case. We will now see how to use this aspect on a web page.
Legal texts
Check the privacy, legal notice, cookies policies and adapt them to the new imposed informative rules. They should conclude at least:
Who are you (who is the entity behind the website with legal data);
What type of data you wish to collect and use;
What will you be using the data for (for each type of data, specific reasons);
For how long will you be keeping or using the data;
If there is anyone you share the collected data with, who are they and what is the end purpose;
If you use affiliate links, whom they belong to and what does that mean for the user in terms of collected data.
Most likely there is a link in the footer section that opens the page with more details, yet you can place it anywhere as long as it’s visible and accessible to the user.
Forms
Besides the data that you want to collect, be it even just name and email (newsletters), you should specifically ask for approval (generally as if you send us your data you accept to be collected by us within the purpose of…). You can do that by having check boxes, while next to them the link to the specific information.
Their approval must be given willingly after having read and understood the terms that you provide in the links. To make sure they do so, a confirmation email must be sent for validation, in case someone else registered with their data or email address.
Cookies
Same like the forms, you need to give the possibility to the user to accept or decline the usage of cookies for the website, and it’s not just that, but it should give the option to choose some (the minimum) while declining others (additional).
It might be a bit more work in the beginning to create the texts, yet afterwards you can just revise them or adjust them if there are new functions you want to include. They are definitely annoying for the user and we know that, but the law must be respected as such.