This article discusses GDPR compliance and what you need to do before the deadline on May 25th. That includes editing your Privacy Policies, Terms of Service and any other data policies you have so that they fully inform website users of their rights, and acquiring users' consent to use any data that you collect or process when they visit your website.
- Tell the user who you are, why you collect the data, for how long, and who receives it.
- Get a clear consent before collecting any data.
- Provide users access to their data, and let them take it with them.
- Allow users to delete their data.
- Inform users how information is stored.
- Notify users if data breaches occur.
Tell Users Who You Are & What You Are Doing
GDPR requires you to tell people who you are. It also requires you to tell them why you are collecting their data and how long you are going to store it. You must also inform users of any third parties that receive their data via your website. This would include any analytics information, advertisements, form processing and more.
GDPR Collecting Data Via Form Processing
Just about every website has forms to interact with its users. There are contact forms, order forms and more. Forms collect personal data from users. Yes, this includes IP addresses, cookies and more. You must get clear consent when collecting this kind of information.
How To Get Consent
When a user arrives on your website, you must get consent to collect data before you collect it. This can take the form of a landing page, shown to visitors from affected countries when they first arrive, that they interact with to provide or refuse consent. This initial consent verification covers the use of cookies, analytics data and advertising displays. It verifies that the user understands that their location or browsing history may be accessed by both your website's services and possible third-party tracking or analyzing services. The user must also give authorization for any form submissions or checkout processes, consenting to the use and storage of that information. This type of information is more sensitive and identifying and will need to be encrypted for safe storage.
Users' Ability To Access Their Information
Users will need to have the ability to access their information. This will give them the opportunity to download, modify or delete any information related to them personally. This will need to be completed in different ways.
- Email subscriptions need to contain a standard link in every message that allows the user to Unsubscribe from the notifications. This allows them to delete their information from that list.
- When making an order they will need to create a username and password to access their purchasing records. This will provide the opportunity to modify or delete any sensitive information on that level.