What to do

Preparing your website for the GDPR

1. Privacy Policy

Your website's Privacy Policy must describe clearly and in detail what personal data you collect, how you process and store visitors' and customers' data, how long you keep it, and how users can view, correct and delete their personal data.

2. Consent

Wherever an online form collects personal data (contact, support, newsletter or purchase forms and so on), there must be a checkbox that is unselected by default. By ticking the box the user gives consent and accepts the Terms of Service and the Privacy Policy. The Terms of Service must link to the Privacy Policy and to any other significant terms or service agreement you provide. You must also be able to show later that consent was given: keep a record of who consented, to what, when, and to which version of the policy.

3. Data encryption: install an SSL/TLS certificate

Your website, and especially your e-shop, must encrypt traffic between the browser and the server with TLS (an "SSL certificate"). If you are not familiar with this, read more about what an SSL certificate is. It protects transactions and users' data while in transit to and from the server; it does not protect data stored on the server, which needs separate measures. If you don't already have a certificate, you can buy one, and free certificates are also available, including for smaller websites. Once it is installed, redirect all plain HTTP traffic to HTTPS so that no page or form is ever served unencrypted.

4. Withdrawal of consent

Users must be able to unsubscribe or withdraw their consent to any processing of their data, either themselves or through their provider, free of charge, and withdrawing consent must be as easy as giving it. For example, users must be able to unsubscribe from the newsletter easily.
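The consent checkbox of point 2 and the withdrawal requirement of point 4, as an added example that is not code from the original page: a server-side ledger that only accepts an explicitly ticked box, records what was consented to, when and under which policy version, and treats withdrawal as a single unconditional call. POLICY_VERSION, ConsentLedger and the form field names ('email', 'consent') are assumptions.

```python
"""Consent capture and withdrawal behind a web form.

Added example, not code from the original page. POLICY_VERSION, ConsentLedger and
the form field names ('email', 'consent') are assumptions."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

POLICY_VERSION = "2018-05-25"   # assumed: version of the Privacy Policy the form links to


def consent_checkbox_html(name: str = "consent") -> str:
    """Checkbox rendered unchecked (no 'checked' attribute); a pre-ticked box is not valid consent."""
    return (f'<label><input type="checkbox" name="{name}" value="yes"> '
            'I accept the <a href="/terms">Terms of Service</a> and the '
            '<a href="/privacy">Privacy Policy</a>.</label>')


@dataclass(frozen=True)
class ConsentEvent:
    email: str
    purpose: str          # e.g. "newsletter": consent is recorded per purpose
    given: bool           # True = consent given, False = withdrawn
    policy_version: str   # which policy text the user actually saw
    at: str               # UTC timestamp, so you can show when consent was obtained


class ConsentError(ValueError):
    pass


class ConsentLedger:
    """Append-only history of consent events: nothing is ever overwritten or lost."""

    def __init__(self):
        self._events = []   # list of ConsentEvent, oldest first

    def record_from_form(self, form: dict, purpose: str, now: Optional[datetime] = None) -> ConsentEvent:
        # Only the exact value the ticked box submits counts; a missing or different
        # value (box left unticked, or a tampered request) is treated as no consent.
        if form.get("consent") != "yes":
            raise ConsentError("checkbox not ticked: consent not given")
        email = (form.get("email") or "").strip().lower()
        if "@" not in email:
            raise ConsentError("missing or malformed email")
        return self._append(email, purpose, True, now)

    def withdraw(self, email: str, purpose: str, now: Optional[datetime] = None) -> ConsentEvent:
        # Withdrawal has no preconditions: no checkbox, no login, no fee.
        return self._append(email.strip().lower(), purpose, False, now)

    def is_active(self, email: str, purpose: str) -> bool:
        """The most recent event for this email/purpose decides; no event means no consent."""
        key = email.strip().lower()
        for ev in reversed(self._events):
            if ev.email == key and ev.purpose == purpose:
                return ev.given
        return False

    def _append(self, email, purpose, given, now):
        at = (now or datetime.now(timezone.utc)).isoformat()
        ev = ConsentEvent(email, purpose, given, POLICY_VERSION, at)
        self._events.append(ev)
        return ev
```

The same ledger answers both questions you will be asked: "may I send this person the newsletter?" (`is_active`) and "can you prove they agreed, and to which policy text?" (the event history). Because events are appended rather than overwritten, a withdrawal does not erase the evidence that consent once existed.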

5. Cookies

If you use cookies, visitors must be informed when they enter the site, and the Privacy Policy must describe the cookies in more detail. Visitors should also be able to disable cookies through their browser settings, but a browser setting is not a substitute for consent: cookies that are not strictly necessary for the site to work (analytics, advertising) should not be set until the visitor has agreed.

Note: if third-party cookies such as Google Analytics are used, the Privacy Policy must state which cookies are used, for what purpose, and for how long they are stored.

6. IP tracking

If you log or track the IP addresses of your visitors or members, this must be stated in the Privacy Policy, because IP addresses are personal data of the individuals behind them.
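Since IP addresses are personal data, it helps to hold less of them. The following is an added example, not code from the original page, showing one common mitigation: truncating client IPs before they are written to long-term logs (zeroing the last octet of IPv4 addresses and the last 80 bits of IPv6 addresses, the same truncation Google Analytics applies when its IP anonymisation option is on). The log lines are constructed, and the kept-prefix lengths are assumptions. Truncated addresses are still pseudonymous data, so the logging must still be mentioned in the Privacy Policy.

```python
"""Truncate client IP addresses before they reach long-term logs.

Added example, not code from the original page. Kept-prefix lengths are assumptions."""
import ipaddress

IPV4_KEEP_BITS = 24   # 203.0.113.42 -> 203.0.113.0 (last octet zeroed)
IPV6_KEEP_BITS = 48   # keep the routing prefix, zero the last 80 bits

# Constructed Apache-style log lines for the demo (not real traffic).
SAMPLE_LOG = [
    '203.0.113.42 - - [25/May/2018:10:00:00 +0000] "GET /shop HTTP/1.1" 200 512',
    '2001:db8:85a3:8d3:1319:8a2e:370:7348 - - [25/May/2018:10:00:01 +0000] "GET /cart HTTP/1.1" 200 128',
    '198.51.100.7 - - [25/May/2018:10:00:02 +0000] "POST /checkout HTTP/1.1" 302 -',
]


def anonymize_ip(ip: str) -> str:
    """Zero the host part of an IPv4 or IPv6 address; raises ValueError if `ip` is not an address."""
    addr = ipaddress.ip_address(ip)
    keep = IPV4_KEEP_BITS if addr.version == 4 else IPV6_KEEP_BITS
    return str(ipaddress.ip_network(f"{addr}/{keep}", strict=False).network_address)


def anonymize_log_line(line: str) -> str:
    """Rewrite every space-separated token that parses as an IP; leave everything else untouched."""
    out = []
    for token in line.split(" "):
        try:
            out.append(anonymize_ip(token))
        except ValueError:
            out.append(token)   # status codes, sizes, timestamps: not addresses
    return " ".join(out)


def anonymize_log(lines):
    return [anonymize_log_line(line) for line in lines]


if __name__ == "__main__":
    for line in anonymize_log(SAMPLE_LOG):
        print(line)
```

Tokenising on spaces and trying to parse each token handles both address families without a fragile regex, and it also catches addresses that appear elsewhere in the line (for example an `X-Forwarded-For` value you log). Apply this at the point where logs are rotated into storage; the live access log can keep full addresses for the short window in which abuse handling needs them.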

7. Advertising in social media

If you upload the e-mail addresses of your site's registered users to a social media platform for an advertising campaign, the owners of those addresses must be informed first, and they must be able to opt out of such lists if they wish.

8. Remarketing

Remarketing uses cookies to track your website's visitors so that advertisements shown to them elsewhere can be adjusted to their interests. Visitors must therefore be told about this practice in your site's Privacy Policy, and since these are non-essential cookies the same consent rules as in point 5 apply.

9. Payment Gateways

If your e-shop uses payment gateways such as PayPal or Stripe for customers' transactions and any of the resulting customer data is saved on your own site, that data must be protected: all traffic between the browser, your server and the gateway must go over TLS (the SSL certificate of point 3), and whatever you store must be protected at rest as well, since the certificate only covers data in transit. Do not store card numbers yourself; leave them with the gateway.

If your e-shop keeps customers' personal data with the payment gateway, the Privacy Policy must tell users how long that data will be kept.

The GDPR does not set a fixed retention period; choose a period that is reasonable for the purpose, state it in the Privacy Policy, and delete the data once it expires.

Data of inactive users should likewise be deleted after a reasonable period of inactivity.

If a user asks you to delete ALL their data, you have to do it. The only data you may keep is what another legal obligation (for example tax rules on invoices) requires you to retain, and only for as long as that obligation lasts; tell the user what was kept and why.
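The retention and deletion rules above, as an added example that is not code from the original page: per-category retention periods counted from last activity, a scheduled sweep that deletes expired records, and an erasure request that removes everything held on a user except records a legal obligation still requires you to keep. The RETENTION periods, the LEGAL_HOLD set, the category names and the sample records are all assumptions; take the real periods from your own retention schedule.

```python
"""Retention sweep and erasure requests for stored customer data.

Added example, not code from the original page. RETENTION, LEGAL_HOLD and the
sample records are assumptions; take the real periods from your retention schedule."""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed retention periods per data category, counted from the last activity.
RETENTION = {
    "account":    timedelta(days=730),      # inactive accounts: delete after 2 years
    "newsletter": timedelta(days=365),      # addresses with no opens/clicks for a year
    "invoice":    timedelta(days=365 * 5),  # kept because tax law requires it (assumed 5 years)
}
# Categories that an erasure request may not remove before their period expires.
LEGAL_HOLD = {"invoice"}

DEMO_NOW = datetime(2024, 1, 1)   # fixed "today" for the demo


@dataclass
class Record:
    user: str
    category: str
    last_activity: datetime
    deleted: bool = False


def expired(records, now):
    """Records past their retention period: what the scheduled cleanup job should delete."""
    return [r for r in records
            if not r.deleted and now - r.last_activity > RETENTION[r.category]]


def purge_expired(records, now):
    """Run the scheduled sweep; returns how many records were deleted."""
    hits = expired(records, now)
    for r in hits:
        r.deleted = True
    return len(hits)


def handle_erasure_request(records, user, now):
    """Delete everything held on `user`, except legal-hold records not yet expired.
    Returns the kept categories so the user can be told exactly what remains and why."""
    kept = set()
    for r in records:
        if r.user != user or r.deleted:
            continue
        if r.category in LEGAL_HOLD and now - r.last_activity <= RETENTION[r.category]:
            kept.add(r.category)   # legal obligation overrides the request, for now
            continue
        r.deleted = True
    return sorted(kept)


def sample_records():
    """Constructed sample data for the demo (not real customers)."""
    return [
        Record("alice", "account",    datetime(2021, 1, 1)),   # inactive for ~3 years
        Record("alice", "newsletter", datetime(2023, 6, 1)),
        Record("alice", "invoice",    datetime(2022, 6, 1)),   # still under legal hold
        Record("bob",   "account",    datetime(2023, 12, 1)),
    ]


if __name__ == "__main__":
    recs = sample_records()
    print("expired:", [(r.user, r.category) for r in expired(recs, DEMO_NOW)])
    print("kept after alice's erasure request:", handle_erasure_request(recs, "alice", DEMO_NOW))
```

Two points this makes concrete: the sweep and the erasure request share one retention table, so the period you publish in the Privacy Policy is the one actually enforced; and a legal hold only defers deletion, because once the held record's own period expires the ordinary sweep removes it.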