The General Data Protection Regulation (GDPR) is a European privacy law that is due to go into effect on May 25, 2018. The new regulation provides residents of the EU countries with the tools to control their personal data and ensures their privacy by protecting their personal data and rights.
The GDPR must be observed by everyone who processes the personal data of residents of the EU countries (Article 3 of the GDPR). The GDPR defines personal data as any information relating to an identified or identifiable individual (the data subject), that is, information from which an individual's identity can be established, directly or indirectly. Thus, if your website collects personal data and the data subject is a citizen of a member state of the European Union, you must ensure that your site complies with the requirements of the GDPR.
If you cannot say with certainty whether you process the personal data of at least one citizen of a member state of the European Union, ask yourself the following questions:
- Are your services/products adapted to the languages of the EU countries?
- Are your services/products sold in the local currencies of the EU countries?
- Are your services/products offered on the national top-level domains of the countries of the European Union?
If your answer to at least one of the above questions is “yes”, you must comply with the requirements of the GDPR.
As a site owner, it is your responsibility to inform your visitors and customers about the way your site processes their personal data, so you should carefully study all the requirements of the GDPR and bring your site in line with them.
Take a look at our recommendations below so you know how to make your site GDPR-friendly. Inform your visitors and customers of at least the following:
- the legal basis for collecting personal data (usually the consent of the data subject, but Article 6(1) of the GDPR lists other legal grounds);
- the rights of the data subject (listed in Articles 15-18 and 20 of the GDPR);
- list of the personal information that you collect and its types;
- purpose of collecting personal information;
- cases in which you disclose users’ personal information to third parties;
- how cookies and other technologies for the automated data collection are used on your website;
- how data subjects can withdraw their consent, and change or delete the personal information you have collected about them;
- your contact details for communication and questions.
If you need specific features on your website to meet the GDPR (cookie notifications, age confirmation, implementing the right to data transfer, etc.), feel free to contact the uKit Support Team and we will help you find a suitable solution.
Some general recommendations on compliance with the GDPR:
- Check that your site and the organizational measures you have taken comply with the GDPR requirements
- Follow the principles set out in Article 5(1) of the GDPR, including the principle of data minimization, i.e. avoid collecting information that is not necessary for providing your services or offering your goods
- Respond promptly to all customer requests concerning their personal data
- Obtain explicit consent to the processing of personal data, for example by adding a consent checkbox to your forms
- If you are based outside the territory of the EU countries, you should appoint a representative in the European Union
To be fully prepared for the GDPR requirements, we recommend that you read the full text of the GDPR and seek legal advice from qualified specialists in the country of your jurisdiction.
Here you can find useful information about how to bring your site in line with the GDPR.
If you have any additional questions, comments or suggestions on how to improve our service in relation to the GDPR requirements, please contact the uKit Support Team.