The General Data Protection Regulation is or GDPR have a lot of people running since May 25 of this year. The application of this law, despite having occurred in the European Union, affects all web pages due to the traffic they can receive from anywhere in the world. The most important thing about this norm is that the user must have available all the possible data on the activities that are carried out with the information that users leave in the web pages.
In summary, being explicit and transparent is the basis of all the actions you perform on the web and refer to the collection of data by users, who not only must know what is done with their data but must also state your consent so you can store them. You must also store the proof of consent, in case you need it in the future. Users must be able to access their own data to download, modify or delete them; They must also be informed with total transparency if a leak of said data occurs.
Fortunately, many of the most famous WordPress plugins have already made modifications related to the GDPR and it’s becoming easier to make your WordPress up to date. Let’s see what details you should take into account and modify on your own.
Forms
Subscriptions
With an opt-in, users of a website, platform or application express their desire to subscribe or register, that is, to submit their data to said platform. With an opt-out, users say they want to stop belonging to the database of a platform, stop receiving updates, etc.
What happens with the opt-ins under the implementation of this law is that the user must explicitly state that he does want to subscribe to a newsletter when registering on a page. Generally, the “Yes, I wish to subscribe to the email list” box is selected, under this new law, it shouldn’t be.
Any type of automatic subscription to threads of comments or interactions that aren’t at the initiative of the user must be eliminated. Basically, no subscription or contact with the customer should be predetermined.
Additional Information
Until now, the information referring to the collection of personal data could be included within the Privacy Policy (which very few people read in detail). Although in web design we always try to make information short and concise, the new regulation requires that terms be displayed in two ways:
The notice of cookies that you have seen on many web pages must include the option of “more information” or “read more” that leads to the Privacy Policy (which includes the cookie policy). This link should also be included in the forms. The Cookies Policy must inform about what a cookie is, what cookies are used on the web, how cookies can be deactivated and what consequences it may have to deactivate or not accept such cookies.
Should be included below the form a message with the most basic terms of the Privacy Policy that refer to personal data, you can create your own text. Be sure to indicate who will be responsible for the data, what they will be used for, where they are hosted and what the user’s rights are. This information should be brief but easy to understand.
Mails
The RGPD requires you to add a message to the recipient about why you are receiving that email, the confidentiality terms that you will follow for your data and the possibility of unsubscribing from the mailing list.
Privacy Policy and Terms of Service
The Privacy Policy should detail what we mentioned before that should be placed under the form: Who is responsible for the data, how to contact the person responsible, for what purpose the data is collected, what is the legal basis under which the data will be stored. data, who are the recipients and what are the rights of the user who leaves their data on your website.
Advise yourself correctly to know what variations the terms may have according to the country and what third-party applications you must mention within the terms so that all the information is completely transparent.
The terms of service must also be deeply detailed. You must add information on how to request and download a complete record of all the data you have about the user, how they can erase your data completely, how they will be informed if any type of information leak occurs and how long you will retain that data.
Legal warning
This document will help you to leave in writing the rights and licenses of the content of your web page, with the data of the owner of said contents. If you have other authors or owners of the content, you must also make explicit and indicate the conditions of such content. You can also indicate the contact procedures that a user must follow in the case of a conflict or suggestion.
Do you need so much information?
Have you encountered applications that request permissions to access information that technically shouldn’t need? With the GDPR you will have to inform the users why you need every detail of their data, so think very carefully about these details since you will not be able to accumulate data “just in case”.
Are they going to punish you?
Failure to comply with the RGPD can result in very harmful penalties such as 4% of your billing and fines of up to 20 million euros. There probably will not be a hunt for websites that don’t comply with this rule, but in the case of a complaint or claim, it’s better to protect yourself. In addition, we like professional work, so ethics must be maintained.
