GDPR - might it have an impact on my website?

The General Data Protection Regulation - Regulation (EU) No. 2016/679, of 27 April 2016 - (the "GDPR") corresponds to new European legislation that aims to reinforce the protection of personal data.

The GDPR will be directly applicable from 25 May 2018 and will replace the current directive on this subject.

We understand that, when the GDPR takes effect, any company or organisation which processes personal data must comply with it.

In our opinion, the new legal framework brings some significant changes that will impact on the lives of all businesses which process personal data, in particular regarding the type of processing of personal data carried out.

Therefore, in our opinion, this new legislation introduces significant changes to the current rules on data protection, enforcing strict obligations and imposing severe fines as punishment for non-compliance.

This may require changes to the way you collect and process personal data, as well as how your customers interact with your brand, in particular online through your website or other applications.

In our opinion, the GDPR means that you should look in detail at how data is collected from users on your website, in particular using forms, which may need to be changed in light of this new law. Therefore, Softway suggests that you consult your legal and/or communication department to define the specific changes needed to your website.

From a technical point of view, in a website there are usually several ways in which users enter their data, in particular through: 

• Registration or newsletter subscription
• Filling in contact or information request forms
• Filling in recruitment forms
• Sending e-mails
• Etc.

We believe that it is particularly important to look at how these records are kept by the website owner (and/or the data controller), how they are used, and the processes for accepting, updating and deleting data by the registered person, etc...

Additionally, we believe that there are also some pages and features that may have to be reviewed in light of the GDPR obligations and related legislation or created if they do not exist. In particular:

• Terms and Conditions and Cookies Policy page
• Privacy Policy page
• Cookies Bar
• HTTPS Security Certificate - if your website still does not have a SSL certificate associated with the domain, you can request the purchase of a certificate and implementation, because this is an extra measure for secure communication of data via https protocol (among others).

Of course! But remember that this subject must always be looked at on a case by case basis, with the legal and/or communication department of the client, in accordance with the policies and practices of each company or organisation, in light of the new GDPR obligations, and taking into account the nature, scope, context and purposes of the data processing, as well as any risks which may arise for the rights and freedoms of citizens.

Here are some examples of changes regularly requested for the purpose of the GDPR:

In website forms:

• Add a “opt in” compulsory tick box saying "I have read and accept the privacy policy and the terms and conditions…", with a link to the respective pages;
• Add a “opt in” voluntary tick box saying "I would like to receive communications, newsletters and information from XXX";
• Activate double out-in mechanisms, for example: automatic response emails to the email address entered into the form to confirm if it is the same one which entered the data;
• Activate antispam checks in the website forms, using recapcha to minimise automatic submission of forms by robots;
• When applicable, integrate some forms directly with CRM platforms or email marketing platforms such as e-goi, mailchimp, benchmark, and taking advantage of the mechanisms provided by these systems, particularly in editing data, removing it (unsubscribe), double opt-in mechanisms, among others.

 In website texts:

• Revise the text on the Disclaimer or Terms and Conditions pages, in accordance with the measures adopted;
• Revise the text on the Privacy Policy page, or create a new page, if there is not one already, according to the measures adopted;

Other examples:

• Cookies bar
• Implement HTTPS security certificate in the www domains for access to your website as an additional measure for secure communication of data via https protocol.

We are available to support all customers with websites developed by Softway to implement (from a technical point of view), the changes they deem necessary to make to the site, evaluating, assessing and considering the customer budget relating to this implementation.

So, once you have identified the changes you would like to make your website, contact us and we will give full support in the technical implementation of what you require.

Unfortunately not! You should contact your lawyers and your web or IT provider and analyse this with them to make changes to your website, systems, and other issues related with the GDPR.

So that the next time the answer is yes and we can help you in some way, you can always contact us and perhaps we might have the pleasure of making a new website for your business!