If not, we can help you comply with the new GDPR. Call or email us today for a free review of your website or mobile app privacy notice.
What is the General Data Protection Regulation (GDPR)?
The General Data Protection Regulation (GDPR) is the most important change in Internet privacy laws in over 20 years. It contains 250 pages of tough privacy laws and regulations that will affect many website and mobile app owners worldwide.
If you own a website or mobile app, you’ll want to read on.
Who Does the GDPR Affect?
The GDPR affects anyone who runs a business, website, or mobile app that collects or processes information about citizens who live in the European Union (EU); the EU consists of 28 countries. The GDPR can affect you no matter what country you live in. If you collect information or process orders from EU citizens, or even if they simply visit your website, at least some parts of the GDPR will apply to you. It seems clear that the GDPR has been drafted with the intention of catching overseas companies, individuals, and other entities that are not complying with it.
The ICO and regulatory bodies from other countries conducted an international survey of global website privacy notices and generally found them too vague and inadequate.
What Does It Mean for Me and How Do I Comply?
If the GDPR applies to your website or mobile app, you will need to make significant changes in the way you collect information from users and how you provide privacy disclosures to them. You will need to update your website privacy notice and cookie consent method to avoid fines and potential lawsuits.
The New Cookie Consent Laws are Much Harder to Comply With
Past website cookie consent methods will not comply with the GDPR and the ePrivacy Regulation. You must use newer, more comprehensive methods.
● How to comply with the GDPR and ePrivacy Regulation cookie requirements
The GDPR and ePrivacy Regulation require that you get consent from users before you store certain types of cookies on their electronic devices (computers, tablets, mobile phones, etc.). Websites that use a variety of cookies for different purposes will be required to get consent for certain categories of cookies that are not ‘strictly necessary cookies’ (e.g., separate consent for advertising and tracking cookies).
● You are required to give users the right to withdraw their consent
A website user will have the right to withdraw their consent to the use of cookies and personal data (PD) at any time. In particular, if they decide at a later date that they want to revoke their consent for cookies or PD, you are required to give them a way to do so that is just as easy as initially giving their consent. This is easier said than done.
● You are required to keep track of a visitor’s consent
The website owner is required to keep a record of how and when they received a user’s consent for the use of cookies and to process the user’s personal data (PD). They must also keep a record of exactly what the user was told at the time of consent. When processing a user’s consent for the use of cookies and PD, the website owner is ultimately responsible for proving that the user consented. Complying with this requirement could be challenging for many website owners.
● Mobile and desktop applications are not exempt
The same cookie compliance and privacy regulations that apply to websites also apply to mobile applications.
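The three cookie requirements above (consent per category before a non-essential cookie is set, withdrawal that is as easy as granting, and a record of what the user was told and when) can be enforced at one point in the front-end code. The following is an added example, not code from the original page or from the service it advertises; the category names, the record format, and the small in-memory cookie jar that stands in for `document.cookie` so the code runs outside a browser are all assumptions made for illustration.

```javascript
// Added example (not from the page): a minimal cookie-consent manager that enforces
// per-category consent, one-call withdrawal, and a consent record.
// Assumptions: the category names, the record fields, and MemoryCookieJar are
// hypothetical; in a browser you would persist the record in a first-party cookie
// or localStorage and copy it to the server so the controller can prove consent.

const STRICTLY_NECESSARY = 'strictly_necessary';
const OPTIONAL_CATEGORIES = ['analytics', 'advertising']; // constructed category list

// In-memory stand-in for document.cookie so the example runs under Node.
class MemoryCookieJar {
  constructor() { this.jar = new Map(); }
  set(name, value) { this.jar.set(name, value); }
  get(name) { return this.jar.has(name) ? this.jar.get(name) : null; }
  remove(name) { this.jar.delete(name); }
  names() { return Array.from(this.jar.keys()); }
}

class ConsentManager {
  // noticeVersion and noticeText are the exact disclosure shown to the user; both
  // go into the record, because the owner must prove what the user was told.
  constructor(jar, { noticeVersion, noticeText, now = () => new Date() }) {
    this.jar = jar;
    this.noticeVersion = noticeVersion;
    this.noticeText = noticeText;
    this.now = now;            // injectable clock, so records are reproducible in tests
    this.record = null;        // no consent recorded yet: only strictly necessary cookies allowed
    this.categoryCookies = {}; // category -> names of cookies set under that consent
  }

  // Grant consent for a subset of the optional categories. Unknown names are an
  // error rather than being silently accepted.
  grant(categories, method) {
    for (const c of categories) {
      if (!OPTIONAL_CATEGORIES.includes(c)) throw new Error(`unknown category: ${c}`);
    }
    this.record = {
      granted: Array.from(new Set(categories)).sort(),
      method,                                   // e.g. 'banner-click' or 'settings-page'
      timestamp: this.now().toISOString(),      // when consent was given
      noticeVersion: this.noticeVersion,
      noticeText: this.noticeText,
    };
    return this.record;
  }

  // Withdrawal is a single call, no harder than granting, and it deletes every
  // cookie that was set under the withdrawn categories.
  withdraw(categories = OPTIONAL_CATEGORIES, method = 'settings-page') {
    if (!this.record) return null;
    const remaining = this.record.granted.filter(c => !categories.includes(c));
    for (const c of categories) {
      for (const name of this.categoryCookies[c] || []) this.jar.remove(name);
      delete this.categoryCookies[c];
    }
    this.record = { ...this.record, granted: remaining, withdrawnAt: this.now().toISOString(), method };
    return this.record;
  }

  isAllowed(category) {
    if (category === STRICTLY_NECESSARY) return true;
    return this.record !== null && this.record.granted.includes(category);
  }

  // The single gate through which any cookie is set: refused unless its category is allowed.
  setCookie(name, value, category) {
    if (!this.isAllowed(category)) return false;
    this.jar.set(name, value);
    if (category !== STRICTLY_NECESSARY) {
      if (!this.categoryCookies[category]) this.categoryCookies[category] = [];
      this.categoryCookies[category].push(name);
    }
    return true;
  }

  // The record the controller keeps to demonstrate how and when consent was obtained.
  exportRecord() { return this.record ? { ...this.record } : null; }
}

// Walk through a visit: no consent, consent to analytics only, then withdrawal.
function demo() {
  const jar = new MemoryCookieJar();
  const cm = new ConsentManager(jar, {
    noticeVersion: '2018-05',                                  // constructed value
    noticeText: 'We use analytics and advertising cookies.',   // constructed value
    now: () => new Date('2018-05-25T00:00:00Z'),               // fixed clock for the demo
  });
  cm.setCookie('session', 'abc', STRICTLY_NECESSARY);           // always allowed
  const beforeConsent = cm.setCookie('_ga', 'x', 'analytics');  // refused: no consent yet
  cm.grant(['analytics'], 'banner-click');
  const afterConsent = cm.setCookie('_ga', 'x', 'analytics');   // allowed
  const adsBlocked = cm.setCookie('ad_id', 'y', 'advertising'); // refused: category not granted
  cm.withdraw(['analytics']);                                   // removes _ga, keeps the record
  return { beforeConsent, afterConsent, adsBlocked, cookiesLeft: jar.names(), record: cm.exportRecord() };
}
```

The design point is that every non-essential cookie passes through `setCookie`, so there is exactly one place where consent is checked, and withdrawal both updates the record and removes the cookies already set, rather than merely stopping new ones.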
Is Your Website’s Privacy Notice Compliant?
Your website privacy notice will almost certainly require updating to comply with the GDPR. Here are some of the requirements you will need to disclose in your website privacy notice to users:
● Contact information for the Data Controller
● Where applicable, the contact information for the DPO
● Explaining to users their rights and how to apply them
● How you collect their PD
● How they can choose what types of information you process about them
● The different ways you will use their PD
● Whom you will share their PD with
● The names of entities with which you share their PD for direct marketing purposes
● How you secure their information
● The legal basis and purposes for processing their PD
● The length of time you store their PD
● Whether their information will be transferred to other countries
● Their right to request, access, change, restrict, make portable, or erase their personal information
● Their right to file a grievance with authorities
Significant Fines and the Right to Sue
The GDPR can impose fines of up to 20,000,000 Euros or 4% of a business’s annual revenue for violations. The GDPR also makes it significantly easier for private individuals to sue businesses for compensation when the businesses are noncompliant.
-------------------------------------------------------------
Here is how we can help you -
We can provide you with a customized website privacy notice, sample email opt-in form, cookie consent software, and great information to help you comply with the GDPR.
For questions, a free consultation, and free review of your privacy notice, email [email protected]