Preparing your website for GDPR
3. Data encryption with installation of an SSL certificate
Your website, and especially your e-shop, must encrypt data in transit through an SSL certificate. If you are not familiar with the term, read more about what an SSL certificate is. It provides more security for your transactions and for the transfer of users’ data to the server. If you don’t already have one, you can purchase an SSL certificate. There is also a free certificate option for “smaller” websites.
4. Easy unsubscribe or consent revocation
Users must be able to unsubscribe or revoke their consent to any procedure or processing operation on their data, either by themselves or through their provider, FREE of charge. For example, users should be able to unsubscribe from the newsletter easily.
6. IP tracking
7. Advertising in social media
If you use the email addresses of registered users of your site for an advertising campaign on social media, the email owners must first be informed. They must also be able to unsubscribe from the lists if they want to.
9. Payment Gateways
If your e-shop uses payment gateways such as PayPal, Stripe, etc. for customers’ transactions and their information is saved on your site, this information must be encrypted through an SSL certificate.
Data for inactive users should be deleted after a reasonable amount of time.
The time period has not been set; it is left to your judgement to define a reasonable time, after which all their data must be deleted.
If a user requests deletion of ALL their data, you have to do it.
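The deletion obligations above (a retention period you choose yourself, and a user's request to delete everything) and the consent revocation in point 4 are easiest to get right if they are one routine rather than ad-hoc SQL. The following is an added example, not code from the article or from any specific platform; it assumes a hypothetical in-memory store with a users table, a newsletter list, an orders table and an audit log, and a constructed reference date. Erasing a user also removes the email from the mailing list and strips the user reference from their orders, because leaving those behind would not satisfy a "delete ALL my data" request.

```python
"""Retention purge, full erasure and consent withdrawal for a user store.

Added example (not from the original article). Assumptions: users are kept
in a dict keyed by id with a `last_active` timestamp and a set of consented
processing purposes; related data lives in sibling tables of the same Store.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class User:
    user_id: int
    email: str
    last_active: datetime
    consents: set = field(default_factory=set)   # e.g. {"newsletter", "ads"}


@dataclass
class Store:
    users: dict = field(default_factory=dict)       # user_id -> User
    newsletter: set = field(default_factory=set)    # emails on the mailing list
    orders: list = field(default_factory=list)      # (order_id, user_id, amount)
    audit: list = field(default_factory=list)       # (event, user_id, detail); no email


def withdraw_consent(store, user_id, purpose):
    """Revoke consent for one purpose, free of charge and with immediate effect.
    Withdrawing 'newsletter' also removes the address from the mailing list."""
    user = store.users[user_id]
    user.consents.discard(purpose)
    if purpose == "newsletter":
        store.newsletter.discard(user.email)
    store.audit.append(("consent_withdrawn", user_id, purpose))


def erase_user(store, user_id, reason):
    """Delete everything tied to the user.
    Assumption: the sales record itself may have to be kept for accounting, so
    orders are anonymised (user reference removed) rather than dropped; every
    identifying field (account, email on the list) is deleted outright."""
    user = store.users.pop(user_id)
    store.newsletter.discard(user.email)
    store.orders = [(oid, None if uid == user_id else uid, amt)
                    for oid, uid, amt in store.orders]
    # The audit trail keeps only the numeric id, never the email address.
    store.audit.append(("erased", user_id, reason))


def purge_inactive(store, retention_days, now=None):
    """Erase users whose last activity is older than the retention period.
    The period is a policy decision (the article leaves it to your judgement),
    so it is a parameter rather than a hard-coded value. Returns erased ids."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=retention_days)
    stale = [uid for uid, u in store.users.items() if u.last_active < cutoff]
    for uid in stale:
        erase_user(store, uid, reason=f"inactive>{retention_days}d")
    return stale


def build_sample_store():
    """Constructed sample data (not real users) with a fixed reference date."""
    now = datetime(2018, 5, 25, tzinfo=timezone.utc)
    s = Store()
    s.users[1] = User(1, "alice@example.com", now - timedelta(days=10), {"newsletter"})
    s.users[2] = User(2, "bob@example.com", now - timedelta(days=800), {"newsletter", "ads"})
    s.users[3] = User(3, "carol@example.com", now - timedelta(days=400), set())
    s.newsletter = {"alice@example.com", "bob@example.com"}
    s.orders = [(100, 2, 19.90), (101, 1, 5.00)]
    return s, now


if __name__ == "__main__":
    store, ref = build_sample_store()
    withdraw_consent(store, 1, "newsletter")      # user unsubscribes
    print("purged:", purge_inactive(store, 365, now=ref))   # bob and carol
    erase_user(store, 1, reason="user_request")    # "delete ALL my data"
    print("remaining users:", list(store.users), "orders:", store.orders)
```

Run the purge from a scheduled job with the retention period you have decided on, and call the erasure routine directly when a user asks for deletion; the audit log records that the deletion happened without itself retaining the personal data it just removed.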
10. Information Leak
The GDPR makes it a duty for businesses, in case of a breach of the personal data they hold, to notify the Personal Data Protection Authority of the country in which they are established within 72 hours.
SUMMARIZING: THE ACTIONS YOU NEED TO TAKE FOR THE GDPR
- Information: You have to inform your clients about the new regulation. You must also tell them why you collect their data and for how long you will keep it.
- Consent: To process your clients’ personal data, the new regulation obliges you to first ask for their explicit consent. If you collect minors’ data through social media, you must first check their age, because you may need to ask for their parents’ consent.
- Access and portability: Give your clients access to their personal data so that they can process it or transfer it to another company if they want to.
- Data deletion: You must provide the “right to be forgotten”, the new digital right that lets them ask for deletion of their private data, as long as freedom of expression is not violated and no investigation is impeded.
- Marketing: If you use their personal data for various marketing actions (or activities) for your business, they have the right to ask to be excluded.
- Sensitive personal data protection: To protect your clients’ sensitive personal data, i.e. all information relating to race or nationality, religion, political, sexual and consumer preferences, etc., you need to take extra protection measures, because sensitive personal data are protected by law under stricter rules than ordinary personal data.
- Data transfer outside the EU: For countries that have not received approval from the EU, you must enter into a contract with your clients to be able to transfer data to those specific countries.