How to adapt the website to the GDPR
With the new provisions introduced by the GDPR for the protection of personal data and privacy, all companies that own a website and that process the information of their users, must comply with the European Regulation.
Request a consultation
Webmasters first and foremost aim at clarity of information to their users: each website must clearly show to all visitors the answers to questions such as:
- Why does the site request personal data?
- How are the data obtained and stored?
- Can data be transferred to third parties and under what conditions?
GDPR and Website: right to delete personal dataAmong the principles underlying data processing activities, there is evidence of adherence to the law: websites must prove that they have the legal basis for processing sensitive data. All the procedures must be modified in order to protect the user's rights, starting from the request for cancellation of personal data, which can be done at any time. To facilitate the procedure for requesting the deletion of personal data, it is necessary that a separate database is created for users' consent.
GDPR and Website: Log registrationGDPR compliance for new sites also requires the implementation of a visitor data verification system, with the possibility of immediate notification in case of risk of violation of personal data. A data-logging platform (log recorder) able to collect data, track the activities of the system administrator and the webmaster, associated with a software (or in the case of CMS plug-ins / modules) for access control and protection of data, can be the solution to this requirement.
GDPR and Website: right to be informedThe GDPR also requires respect for different types of user rights, first of all the right to be informed. Website owners must inform visitors and customers who are about to obtain information on sensitive data. Notices in this regard must be displayed clearly and easily understandable, even for children or minors. Site administrators must also divide between two categories, to distinguish data obtained directly from users and secondary data collected on the basis of information.
GDPR and Website: the rights of the interested partyOther fundamental rights of the user are the right of access, the right of rectification, the right to be forgotten, the right to limit the processing of private information, the right to data portability and the right of object to the processing of personal data . To ensure GDPR compliance, administrators can provide configuration mechanisms that lead to the recognition of these rights through automatically scheduled actions.
GDPR and Website: checklist
- Perform a verification of all personal data collected
- Make cookie alerts successful
- Create simple opt-in processes that are granular (depending on the treatment)
- Review the data acquisition feature
- Make the possibility of managing / deleting data immediately
- Applies an encryption level to the data physically present on the disk and the information in the databases
- Check that all modules are not "flagged" by default. The user must confirm the sending of the information
- Enables a procedure to facilitate the deletion of data of a particular user
- Enables a procedure that guarantees data portability
- Register and monitor system logs for administrators and webmasters
Thursday, May 17, 2018