5 Steps to GDPR Compliance
Whether it’s an inconspicuous banner at the top or bottom of a website, or a more in-your-face pop-up notification, it’s nearly impossible to miss that many websites are now asking you to accept “cookies” in order to get access to their content. What’s the reason, what does it all mean and who doesn’t like cookies?
Before you start salivating, the cookies we’re talking about consist of information — not chocolate chips — and their purpose is to help websites track visits and activity. It sounds a little ominous but it’s this data that records visitor login information to save time on subsequent visits. It also ensures that items placed in a cart stay in the cart, even if another link on the website is clicked.
And as helpful as they are, cookies — and other pieces of personal data collected by websites to enhance visitor experiences — are becoming increasingly regulated worldwide. For websites that have customers or visitors from countries in the European Union (E.U.), strict rules are now in place that require compliance with General Data Protection Regulation or GDPR.
What is GDPR, and how does it affect my company’s website?
Implemented in May 2018, GDPR is a regulation in the E.U. that addresses consumer privacy and data collection. Its primary goal is to empower E.U. citizens to have more control over their personal information and how it’s used. Companies with a website that is frequented by E.U. citizens (whether or not the company is located within the E.U.) must follow specific steps to be compliant and avoid fines and penalties.
What does my website need in order to be compliant?*
1) A Privacy Policy
Privacy Policies are required by laws intended to protect a consumer’s privacy. Protected information (also known as Personally Identifiable Information) includes names, email addresses, street addresses, phone numbers, credit card information, blood type, marital status and much more.
2) A Cookies Policy
- Define website cookies.
- Mention the types of cookies you use, including those used by your third parties.
- Explain how your site uses the cookies.
- Give users instructions to manage their cookie settings.
3) A Banner or Popup Notification
One way to notify visitors is by adding a banner or pop-up notification to your website so that first-time visitors are told about your cookie usage and given a link to your complete Cookies Policy. For example, the notice might read:
Please note that if you delete or disable our cookies you may experience interruptions or limited functionality in certain areas of the website.
Learn more about cookies (link)
How to delete cookies (link)
4) Consent for Using Cookies
To be GDPR compliant, consent must be granted by your website visitor before a cookie can be placed on their device. Most companies choose to add a simple checkbox or a button to their cookies notice (banner or pop-up notification) that prompts users to click it in order to consent to the browser cookies.
5) An Easy Opt-Out Method
You can add a clause to the end of your Cookies Policy that explains how to opt out of cookies using their browser settings, or simply provide links to browser vendors’ websites that show your visitors how to manage cookies on their devices.
The New York Times is a great example of how to give your site visitors the power to manage their own browser cookie options.
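As an added example (not code from the original post or from Stellaractive), here is the consent gate that steps 3 through 5 describe, in plain JavaScript: the banner shows until a choice is recorded, non-essential cookies are refused until consent exists, and opting out purges them. The `createJar` helper, the `cookie_consent` name and the sample cookie names are assumptions standing in for `document.cookie` so the logic runs outside a browser.

```javascript
const CONSENT_COOKIE = 'cookie_consent';                   // assumed name for the visitor's recorded choice
const ESSENTIAL = new Set(['session_id', CONSENT_COOKIE]); // strictly necessary cookies need no consent

// Minimal cookie jar with the same "a=1; b=2" shape as document.cookie, so the
// logic can run (and be tested) outside a browser. In a real page you would
// read and write document.cookie instead of this object.
function createJar(initial = '') {
  const store = new Map();
  for (const part of initial.split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name) store.set(name, rest.join('='));
  }
  return {
    get: (name) => store.get(name),
    set: (name, value) => store.set(name, value),
    remove: (name) => store.delete(name),
    names: () => [...store.keys()],
    toString: () => [...store].map(([k, v]) => `${k}=${v}`).join('; '),
  };
}

// Show the banner only while no choice (granted or denied) has been recorded.
function needsBanner(jar) {
  return jar.get(CONSENT_COOKIE) === undefined;
}

function hasConsent(jar) {
  return jar.get(CONSENT_COOKIE) === 'granted';
}

// The gate: essential cookies are always written; anything else is refused
// until consent exists. Analytics or ad scripts should go through this
// function rather than writing document.cookie directly.
function setCookie(jar, name, value) {
  if (!ESSENTIAL.has(name) && !hasConsent(jar)) return false; // not written
  jar.set(name, value);
  return true;
}

// Wired to the banner's "Accept" button or checkbox.
function grantConsent(jar) {
  jar.set(CONSENT_COOKIE, 'granted');
}

// The easy opt-out: record the refusal and purge every non-essential cookie
// that was set while consent was in effect.
function revokeConsent(jar) {
  jar.set(CONSENT_COOKIE, 'denied');
  for (const name of jar.names()) {
    if (!ESSENTIAL.has(name)) jar.remove(name);
  }
}
```

Note that a recorded refusal also hides the banner, so a visitor who declines is not nagged on every page view.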
The Future of Internet Privacy in the United States
Mark Your Calendar: The California Consumer Privacy Act Takes Effect on January 1, 2020
Data breaches in the U.S. are making headlines on a regular basis these days. So while there currently exists no single law that regulates internet privacy here stateside, there are signs it is in the works. In the meantime, a patchwork of state laws is addressing consumer data privacy issues. Leading the way is the California Consumer Privacy Act of 2018 or CCPA, which goes into effect in 2020.
The CCPA will apply to you if you are a for-profit company that collects information on California residents (or has it collected on your behalf) and you meet one of the following criteria:
- Gross revenues over $25 million (adjusted for inflation);
- Buy, receive for commercial purposes, sell or share the personal data of 50,000 or more consumers, households or devices; or
- Receive 50% or more of your annual revenue from selling the personal information of consumers.
It’s important to understand that the criteria are broad, and exceptions apply. And while the law applies beginning January 1, 2020, it will likely be several months before enforcement is in full effect. Let us know if you’re concerned that this will apply to your website, and we can dig in well ahead of time to be sure you’re ready in time for the New Year. Keep checking back as we’ll have follow-up information ready to go in the coming weeks that will detail a few proactive steps you can take to achieve CCPA compliance. In the meantime, achieving GDPR compliance is a solid initial step.
A Stellar Conclusion
We’ve dropped a lot of detailed information on you but the bottom line is this: Cookies are delicious and GDPR sounds scary, but with a few simple steps your website can be on the right side of regulations and consumer privacy protections.
If you’re ready to get compliant, Stellaractive can help. Drop us a line today.
*Important Note: The Stellaractive team has many talents, but we are not lawyers. The information provided here does not guarantee GDPR or CCPA compliance and should not replace actual legal advice. Please consult a lawyer to be sure your website is in full compliance.