Managing a website is usually more than publishing content and assets (such as images) to the web; you will most likely be collecting, analyzing, or managing data from your users. Most typically, this data collection takes the form of contact form submissions, email newsletter services and sign-ups, site analytics tools, and website cookies.
While these latter forms of data collection are often considered noninvasive and typical of day-to-day web browsing, they do involve different ways of tracking a user, and often that data is shared across the various pieces of software and third-party tools that help make the web the integrated place we all love.
As of May 2018, the European Union has enacted the General Data Protection Regulation (GDPR) rules for all users within the EU. While these rules apply only to EU “consumers,” the web is worldwide, so we think it wise for everyone to consider new privacy functionality for their users moving forward. It is ultimately up to you whether to comply with any or all of these, but we advise at least keeping the points below in mind for daily operations.
What are such privacy protection measures, and how do they relate to services, functionality, and the design of your website?
Furthermore, you must request consent for such storage (through a checkbox opt-in or functionally similar method).
Consumer Right to Data and Right to be Forgotten, and “Ease of Accessibility”
The GDPR requires that you give all users access to the data you’ve collected on them, and that you be able to delete all of that data on request. If your site is using WordPress, the newest version (4.9.6) has a very simple way to export this data (for sharing with the user) or delete it, under the Tools menu in the sidebar.
Other Content Management Systems or proprietary systems may have different abilities; please speak to us if you fall under these needs.
GDPR compliance also requires that you be easily reachable and responsive to user requests to view or delete the data you’ve collected on them. A separate contact form, or another prominent way to contact you, may be useful here.
Third-party Data Services
Third-party services that collect or manage user data from your site may require additional design or content management to adhere to US or international data privacy laws. This management is your responsibility.
Many third-party services have already taken steps to ensure built-in compliance with the law, and they will cover their own legal obligations under the GDPR, provided you use their GDPR-compliant features from the outset.
MailChimp: Easy Compliance with GDPR Tools
Google Analytics: Data Retention
Data Protection: Security & SSL
Under the GDPR, your organization is obligated to ensure the protection and privacy of personal data when that data is transferred outside the company, to a third party and/or to another entity within the same company.
For this reason, we highly recommend that you set up a secure, SSL-encrypted connection (https://), so that all data is encrypted in transit when a form is submitted.
Here are a few helpful links on recent changes in international data protection law: