The enforcement date is just around the corner.
Is your homepage compliant with the GDPR yet?
Read the article and find out what you need to do.
What is the GDPR?
The GDPR is the General Data Protection Regulation.
It is an EU-wide law that protects the personal data of EU citizens.
The GDPR becomes enforceable on May 25, 2018.
Along with the GDPR come very heavy penalties for non-compliance.
Organizations that fail to comply risk fines of up to €20 million, or 4% of the organization’s global yearly turnover, whichever is higher.
Who does it affect?
The GDPR affects any organization and any website that…
- is located in the EU, or
- handles data of EU citizens.
So, if you have a website outside of the EU but have users from EU countries, you are affected by the GDPR.
How to comply with the GDPR
To become compliant with the GDPR, you have to go through and revise all of your data handling activities.
- What personal data do you handle?
- For what purpose?
- How do you make sure that it is securely stored?
- How do you ensure that you have your users’ consent in doing so?
- What procedures do you have in place in case of a data breach?
Once you have identified the why, where and how of all of your data-handling activities, you have to make sure that you put proper procedures in place for all of the necessary handling of personal data.
One of the most important steps for making a website GDPR-compliant is to get a proper cookie consent system for your website.
How do I get a GDPR-compliant cookie consent?
Virtually all websites set cookies on their users’ browsers, and virtually all cookies handle personal data in some way or another.
Therefore, one of the most important steps to become compliant with the GDPR is to get a proper cookie consent solution for your website.
This is easier said than done.
The internet overflows with non-compliant cookie solutions, even though many of them claim to be compliant.
For a cookie consent to be GDPR-compliant, it has to contain the following features:
- Transparent consent: The consent has to be given on the basis of clear and specific information about data types and purpose.
- Prior consent: The consent has to be given before any processing takes place, other than the processing that is strictly necessary.
- Non-ambiguous: The consent should be given as an affirmative, positive action.
- Real choice: The consent should be given as the result of a true choice. The user must have the option to reject superfluous cookies and still use the website.
- Documentation: The consent should be recorded as evidence that consent has been given.
- Reversible: The user must be able to change their mind and withdraw their consent whenever they want.