To protect your business from legal repercussions, it’s essential to comply with the local laws and regulations regarding collecting personal data if you’re a webmaster. We’ll give you a short version of what your obligations are.
The scope of the data collected
Before you proceed, the first question you need to ask yourself is what data are you collecting on your website? In case you don’t recall deliberately placing any data-collecting forms on it, please keep in mind that your server is likely to be configured to collect certain data from every visitor by default.
This includes:
– IP addresses
– Time and date of access
– Number of pages viewed
– Referring websites
– Operating system used
– etc.
If you have Google Analytics installed on the server, other data is being collected in addition to that, so you need to make sure you’re compliant.
How to stay compliant with a privacy policy and cookie prompts
Ever since GDPR came into effect, webmasters are under increased pressure to comply with its data privacy guidelines, lest they face hefty fines. To do so, the very first thing to implement is a data policy. In fact, this tends to be a requirement all across the globe, even if your traffic isn’t coming from the Eurozone.
The privacy policy must specify exactly what data is collected and what purposes it’s being used for. The good news is, there are plenty of online privacy policy generators that ask a couple of questions and then generate a suitable privacy policy (alternatively, have a look at some templates). Once you have it ready, you can place it in the footer of your website.
GDPR also requires explicit consent whenever personal data is being collected and even before placing a single cookie on their device. This requires displaying a pop-up prompt that asks for the visitor’s consent with a link to the privacy policy where they can read more about it.
Unless specified otherwise, you may not share their personal data with third parties. At the same time, realize that servers can get compromised through no fault of your own. You should do what you can to follow the best cyber security practices; as a webmaster, the emphasis lies in being proactive about protecting the privacy of your users.
Although there are services that can remove personal information from the internet, these are typically meant for the end-user whose personal details have been published online without their consent. They work on the basis of GDPR, CCPA, and other privacy-oriented laws to initiate a formal takedown request. The fact that services like these exist does not absolve webmasters from their duty to take a proactive approach to ensure data protection compliance.
Email list compliance
Some webmasters like to offer their visitors an opportunity to join their email list to receive special promos, a newsletter, or similar. This is all fine and well, but you must be extra careful how you accept their emails into your database.
To be extra safe, double opt in is the recommended practice. In other words, after they enter their email address, an auto-generated email message should be sent to the address provided. Inside, there should be a confirmation link for them to click. This verifies that the address they gave you is not only legitimate but also that it belongs to them and not someone else.
In addition, you must give your subscribers a way to opt-out at any time. Typically, this would be at the end of a promotional email message – these should always include an opt-out link in the footer.
GDPR is as strict as it gets. Fail to comply and hefty fines may follow.
Conclusion
Although there is no way to give you the complete rundown on GDPR and data privacy in a single article, we’ve touched upon the essentials. Now it’s up to you to do your due diligence and learn the rest.