GDPR stands for General Data Protection Regulation. In short, it concerns the protection of personal data. With our GDPR checklist you can make sure that your website is GDPR compliant.
We have compiled a checklist that you can use as a guideline to make your website GDPR compliant. It's time to roll up your sleeves, because if you do not do this, high fines await you.
Short disclaimer: we are not lawyers, we are web experts. Always keep in mind that your specific situation may require additional measures. In this article you will find an affiliate link for iubenda. It is a win-win: no less than a 10% discount for you and a small contribution for us. We only recommend software that has our approval.
Our GDPR checklist for your website looks like this:
Your website must be developed with attention to privacy-enhancing measures. The GDPR calls this Privacy by Design. An SSL certificate is a good example of this: your website must be loaded over a secured https connection.
Do not forget Google's announcement that from July 2018, with the release of Chrome 68, insecure websites will be clearly marked as such. At the moment this is not so obvious, but from then on there will probably be a clear red open lock next to the URL.
Do not wait any longer to put your website on a secure connection. You will not escape it anyway.
The goal of data minimization is to collect as little data as possible. Do you need the date of birth of your customer to deliver the order? When registering for a newsletter, the only required field is actually the e-mail address. In the latter case you could optionally ask for the name. This name is often used to make your newsletters more customized and personal.
This is what the GDPR calls Privacy by Default. You are obliged to clearly inform your users and to protect their data. Forms must now meet the following 4 conditions:
- Clear goal
It must be unambiguously clear what the purpose of the form is. You achieve this by placing a clear title on your form: 'Register for our newsletter', 'Contact support', ...
- User must give explicit permission
Via a checkbox, for example, you let the user give explicit permission to process his personal data for the purpose of the form. This checkbox must be unchecked by default.
- Opt-in
This is often just the button that the user presses to send the data from the form.
These 4 form conditions are not an exact science. They describe the idea that your form must live up to. The 'consent' and the 'opt-in' can also be combined if the result is unambiguous. For example, instead of putting 'Submit' on your button, you put something like 'Register for the newsletter'. In this way you combine the explicit 'give consent' and the 'opt-in'.
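To show how these form conditions translate into code, here is an added example (not from the original article) in JavaScript: a server-side check for a newsletter signup that enforces one declared purpose, explicit consent from a checkbox that browsers omit when left unticked, data minimisation (only the e-mail is required, a name is optional, any other field is rejected), and a helper that verifies the consent checkbox in the form markup is not pre-ticked. The function names, field names and sample submissions are assumptions made for the example.

```javascript
// Added example, not code from the article. Names and sample data are assumed.
const PURPOSE = "Register for our newsletter";       // the form's single, clear goal
const ALLOWED_FIELDS = new Set(["email", "name", "consent"]); // data minimisation
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Validate one submitted form body (an object of field name -> string value).
// Returns { ok, errors, consentRecord }; consentRecord is what you would store
// so you can later prove consent and answer a right-of-inspection request.
function validateNewsletterSignup(body, now = new Date()) {
  const errors = [];
  // Data minimisation: reject any field the purpose does not need.
  for (const key of Object.keys(body)) {
    if (!ALLOWED_FIELDS.has(key)) errors.push(`unexpected field: ${key}`);
  }
  const email = typeof body.email === "string" ? body.email.trim() : "";
  if (!EMAIL_RE.test(email)) errors.push("a valid e-mail address is required");
  // Explicit consent: an unticked checkbox is omitted from the submission,
  // so a missing or different value means consent was not given.
  if (body.consent !== "yes") errors.push("explicit consent is required");
  if (errors.length > 0) return { ok: false, errors, consentRecord: null };
  const name = typeof body.name === "string" ? body.name.trim() : "";
  return {
    ok: true,
    errors,
    consentRecord: {
      email,
      name: name || null,                 // optional, only kept if supplied
      purpose: PURPOSE,                   // what the consent covers
      consentGivenAt: now.toISOString(),  // when it was given
    },
  };
}

// Privacy by Default: the consent checkbox in the form HTML must not carry a
// 'checked' attribute. Returns true only if a consent checkbox exists and is
// unchecked by default.
function consentCheckboxIsUncheckedByDefault(formHtml) {
  const m = formHtml.match(/<input[^>]*name=["']consent["'][^>]*>/i);
  if (!m) return false;                         // no consent checkbox at all
  return !/\schecked(?=[\s=>\/])/i.test(m[0]);  // 'checked' would pre-tick it
}
```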
A privacy statement is a document in which you describe what you do with the details of customers and visitors: how you collect the data, how you use that data, how you store it, etc.
- Right of inspection
The visitor has the right to request his data. You must clearly indicate in which way the visitor can request this data.
- Right to be forgotten
The visitor can request that the collected data be corrected and, if so desired, completely removed.
What is a non-functional cookie? This is easiest to understand from a few examples of cookies that are functional. A functional cookie, which does not require a cookie notice, is a cookie that is necessary for the operation of your service and that is not privacy-infringing: e.g. a cookie that remembers which items are in your shopping cart, a cookie that remembers the login, etc.
If a cookie is not functional and/or is privacy-infringing, then you must show a cookie notice.
For the proper functioning of your website you usually work with several external partners: tracking, sending newsletters, showing opt-ins, processing online payments, etc.
These partners will also have to comply with the new GDPR legislation. After all, they process the data of your visitors. Popular partners such as MailChimp (newsletters) and WooCommerce (webshop) are doing everything they can to become compliant. So normally you're fine if you make the right choices.
Do you have questions? Is something not clear?
Let us know in the comments below! We are happy to help you.