GDPR Compliance for Website Owners

What is the GDPR?

The General Data Protection Regulation (GDPR) is a law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also applies to the export of personal data outside the EU and EEA areas, so U.S. companies are included.

This law and others like it will change the way businesses and organizations store and process personal information. Similar regulations are already being implemented here in the U.S. One example is the California Consumer Privacy Act (CCPA), which was signed into law in June of 2018.


Even though it’s an EU thing, organizations and website owners everywhere need to pay attention

The GDPR was created to protect the rights of citizens of the European Union with regard to the collection and use of their personal data. Organizations can be fined up to 4% of annual global turnover for breaching GDPR, up to a maximum of €20 million.

GDPR Applies to More than Just Your Website

Remember, GDPR doesn’t just apply to your website. It applies to any and all information you collect about your customers, especially information that is stored online. This also includes mailing list services (Mail Chimp, Constant Contact, etc.), bookkeeping software, POS systems and more, so we advise you to do your research and make sure your business complies with GDPR and that you have a plan in place in case of a data breach.

Who Does the GDPR Apply to?

An “EU data subject” is any person who is a citizen, resident, or simply a visitor to the EU.

8 individual rights under GDPR

GDPR grants eight specific rights to individuals over their personal data:

1. Right to be informed

You must be transparent about how you use personal data. This is typically handled through your site’s privacy policy (which you’ll likely need to update). In the event of a data breach, you need to have procedures in place to notify your customers within the 72-hour reporting timeline. This may mean appointing someone in your organization to oversee data protection and to help make sure your bases are covered.

2. Right of access

If a client requests their data, you must provide it to them in a commonly used format, such as CSV.

3. Right to rectification

You must allow a client to correct incomplete or inaccurate information.

4. Right to erasure

Clients can request deletion or removal of personal data when there is no compelling reason for its continued processing. Also referred to as “the right to be forgotten.”

5. Right to restrict processing

Individuals have the right to block processing of personal data. In such cases, you can store the data but no longer process it.

6. Right to portability

You must allow individuals to obtain and reuse their personal data for their own purposes. This means you must provide it to them in a common format, such as CSV.

7. Right to object

Individuals can object to having their personal information used. This includes for purposes of direct marketing, research and statistics.

8. Rights related to automatic decision making, including profiling

This rule specifies when you can use profiling and automated decision making. It also defines requirements that must be met, such as the individual providing explicit consent.

These rights are spelled out in further detail in the official GDPR guide.

For more specifics about GDPR and how it applies to your organization, see the Site Owner’s Guide to GDPR.

What We Can Do

We build custom WordPress websites, and in a recent update, some basic functions that meet some of the GDPR requirements were built into the WordPress core software, namely the ability to download and anonymize a user’s information. But there are a few other things that need to be done, and we can help. We do not guarantee or imply that any steps we take will bring you to 100% compliance, but we can help you with some of the essentials.

1. Secure Your Website

In order to earn the trust of your website users, keep their data safe, and boost search engine rankings, your website should be equipped with an SSL Certificate. An SSL (Secure Sockets Layer) certificate is a security feature that authenticates the identity of a website and encrypts information sent to your server using SSL technology.

SSL certificates can be obtained from a variety of sources. They may require an annual renewal fee depending on the type of SSL certificate you need. However, most of our clients just need a standard SSL certificate. Our hosting & maintenance plans include a free SSL certificate with no annual renewal fees. (There is a one-time fee for installation.)

We can also install a free SSL certificate on your site as part of a GDPR Compliance Upgrade Package. (Ask your account manager for details.)

2. Publish a Privacy Policy

We can add a privacy policy (which you must provide) to your website. Below is a list of a few privacy policy generators and online legal services we have found. You can also use an online legal service or ask your attorney what they recommend.

3. Provide Access to Personal Data

Your website stores information entered by users in its database. If a user requests a copy of their information, it can be downloaded from the backend of your website. You can do this yourself if you have backend access to your site or we can do it for you.

An easier option is to make it possible for users to download it themselves from the front end of your site and have you notified when they do. This is something we can set up for you as part of a GDPR Compliance Upgrade Package. (Ask your account manager for details.)

4. Erase Personal Data

If a user requests that their information be removed from your records, it can be deleted or anonymized from the backend of your website. You can do this yourself if you have backend access to your site, or we can do it for you.

An easier option is to make it possible for users to delete or anonymize their own information from the front end of your site and have you notified when they do. This is something we can set up for you as part of a GDPR Compliance Upgrade Package. (Ask your account manager for details.)

5. Obtain Consent to Store Personal Data

On most websites, users are able to submit information in one form or another. Some examples are contact forms, user registrations, ecommerce purchases, email subscriptions, post comments, or any forms or applications that gather data.

These forms should require the user to agree with your Privacy Policy. Additional checkboxes can also be added for things like Terms & Conditions, agreement to receive email newsletters, or other permissions or consents you may require from your users.

6. Add Cookie Consent

Almost every website uses cookies to customize and improve user experience in whatever browser or device they are using to navigate your site. Cookies may also be used for other purposes. (See All About Cookies)

Another step towards GDPR compliance is “cookie consent”. This is a notification that users receive the first time they visit your website. You’ve probably seen this yourself as more website owners are taking steps to become GDPR compliant. A cookie consent prompt can be added to your site as part of a GDPR Compliance Upgrade Package. (Ask your account manager for details.)

Where to Obtain a Privacy Policy

Below is a list of Privacy Policy generators and online legal resources to help you tailor a privacy policy to the needs of your organization:

Each entry lists Source (Type, Cost): Description, URL.

Privacy Policy Generator (Generator, Free): Simple and easy to use privacy policy generator. https://www.privacypolicygenerator.info/

PrivacyPolicies.com (Generator, Free w/ Add-Ons): Generate a simple generic policy, or select from several add-ons for specific use cases. https://www.privacypolicies.com/blog/privacy-policies-legally-required/

TermsFeed (Generator, Free w/ Add-Ons): A relatively easy-to-use, yet comprehensive solution. https://www.termsfeed.com/privacy-policy-generator/

Rocket Lawyer (Generator + Legal Advisor, Free w/ Add-Ons): Create a GDPR compliant privacy policy that covers all your bases with the help of qualified legal professionals. https://www.rocketlawyer.com/gb/en/documents/privacy-policy

FormSwift (Generator, Free w/ Add-Ons): A relatively easy-to-use, yet comprehensive solution. https://formswift.com/free-legal-forms

Better Business Bureau (Template, Free): Sample privacy policy to use as a template. (Includes guidelines.) https://www.bbb.org/greater-san-francisco/for-businesses/toolkits1/sample-privacy-policy/

UpCounsel (Template, Free): For basic websites with user generated content. https://www.upcounsel.com/privacy-policy-template

Wonder Legal (Generator + Legal Advisor, Free w/ Add-Ons): Free and relatively easy to use generator with the added benefit of access to legal services. (Based in the U.K.) https://www.wonder.legal/uk/modele/website-privacy-policy

Termly.io (Generator, Free w/ Add-Ons): Fairly easy to use and comprehensive, but the free version requires the privacy policy to be hosted on their site. https://termly.io/resources/templates/website-privacy-policy-template/

LegalTemplates (Generator, Free w/ Add-Ons): Create a Google AdSense, Google Analytics, and ecommerce law compliant policy for your website, blog, or mobile app in minutes with LegalTemplates’ privacy policy generator. https://legaltemplates.net/form/privacy-policy/

Website Planet (Template, Free): A free template along with some useful information about GDPR compliance and the laws regarding data privacy. https://www.websiteplanet.com/blog/make-privacy-policy-gdpr-compliant/

LegalZoom (Legal Service, Paid): Consult with the professionals at LegalZoom to create a fully compliant website privacy policy tailored to the needs of your organization. https://www.legalzoom.com/business/business-operations/website-terms-and-conditions-overview.html

DISCLAIMER: We do not guarantee the above mentioned privacy policies to be compliant with any local, federal, or international regulations. We recommend having an attorney look over any policy you decide to adopt to determine if it is right for your organization.

Legal Services

Using an attorney is the best way to make sure all your bases are covered, but if you do not have an attorney, you may want to consider a service like LegalZoom or Rocket Lawyer. For an annual or semi-annual fee (around $31 to $36/mo in Tennessee) you can consult with attorneys on all sorts of matters. You may pay extra to have a document drawn up, but it is worth the extra cost to make sure your bases are covered. And many documents can be downloaded for free if you are subscribed.

GDPR Compliance Upgrade

GDPR compliance is a daunting task, and the requirements seem overwhelming, even for leaders in our industry. As website producers, we try to stay on top of technology and news that affects our industry. And when we become aware of situations that affect our clients, we want to let them know so they can do their own research and make informed decisions about their website or online presence as a whole.

We also want to provide solutions where we can, so we have put together a GDPR Compliance Upgrade package to help you meet some of the basic requirements of GDPR.

PLEASE NOTE: The above content should not be construed as legal or tax advice. Always consult with an attorney or tax professional regarding your specific legal or tax situation.

Additional Resources:

Here are a few other relatively simple descriptions and resources we’ve found:

Copyright 2024 New Urban Media