What exactly is GDPR?
GDPR stands for General Data Protection Regulation. Simply stated, the members of the European Union jointly created rules and laws for everything related to data, privacy and security that apply across Europe. They make clear to the collector of data what can and cannot be done with it, and they give the user of a website clarity about what the collector intends to do with their data and with whom it is shared on a website visit.
GDPR was a huge success. Most of us have heard about it and came to understand that you have to have a privacy policy, and that larger sites also require a separate cookie policy on their website. Most people scanned their websites to obtain the codes describing cookies and integrated these with legally written texts on their websites to declare their cookies. However, even where this was legally correct, it is not very clear to a user who is not versed in the subject what it means.
What does the GDPR say and how does it affect the way you run your website?
The purpose of GDPR is to give individuals control over with whom and how they share their data, and it is your job as a website owner to give them that ability. If you do not meet these needs, you are violating the GDPR and can face heavy fines. What do you have to do to comply with the law? You must have a privacy policy and a smart cookie management tool.
Privacy Policy
You will need to write a privacy policy with technically specialized lawyers if you have a larger site, operate in many different countries and/or have many different tools to collect data. If you have a small company that does not operate in a heavily regulated industry, you can start from a standard template and do your research to make sure you have everything. In a privacy policy, you write out the different ways in which data is collected, what is done with that data and what the purpose is. You must also provide contact details for a selected GDPR manager who can delete all of a user's data on request.
Here you will find a simple template from the EU to help you write a privacy policy: https://gdpr.eu/privacy-notice/
So if you have a contact form that sends you a notification by email, you must explain whether it goes to a secure mail inbox, whether that data is then forwarded to a third party, whether you enter it into a customer management system, and so on. In other words, you must account for everything that happens with the data that the customer provides to you through various types of forms or when purchasing products. It is also necessary to account for what data is saved during a visit to the website, which leads us to cookies.
Cookies
ALL websites use cookies, and according to the GDPR you have to declare the types of cookies that are on your particular website, in clear categories such as necessary, settings, statistics, marketing and so on. As a user of the website, you must also be given the option to opt out of all cookies that are not necessary, such as marketing cookies. Another important part of GDPR is that whoever collects the data must store the consent for several years in a database.
In today's technological climate, this means that a single text on one's website is no longer enough. One needs smarter cookie management that can automatically scan the page and declare the correct cookies. Visitors should also be able to update their preferences whenever they want. So a cookie policy can be written much more simply than before, with a link that opens the preference center for consent settings. See an example of our own cookie policy.




