On 25th May 2018, a European regulation came into force to protect the integrity and privacy of users’ data and to govern how that data is used to improve a business’s marketing through its website. In short, GDPR is a law that directs a company or website not to use customers’ or users’ data for its own benefit without obtaining their consent. This means a website can only use the personal data collected from a user (either personally identifiable information or demographics) after obtaining consent from that visitor. A similar law (CCPA) is also being implemented in some of the states of the USA.
It is now compulsory to make websites GDPR compliant within the EU region (including the UK). Failing to adhere to this regulation carries a hefty fine of up to 20 million euros or 4% of global turnover (whichever is greater). You may also be fined up to 10 million euros for not maintaining records and not informing the user of a data breach.
Therefore, for any given website, it is now time to amend its privacy policies and become compliant with this law. Here are the 5 most important changes to make your site GDPR compliant.
#1 Ensure you have a cookie consent banner on your homepage
Display a banner that tells visitors which kinds of cookies your website uses and asks for their consent to use the data they enter for future marketing purposes. Always give the user the option to either “Accept” or “Decline” the consent request you put in front of them.
#2 Secure your website
Make sure your website is SSL encrypted to prevent data loss. Ensure the collected data is encrypted so that it cannot be used by hackers. If the data is hacked despite this, be sure to inform the customer that the data has been hacked.
#3 Clearly state the privacy policies
Make sure to provide a link on the consent banner itself, so that the user can easily jump to the policy page and see the steps the website takes to address privacy concerns.
#4 State the cookies that you use and what data they collect
State the purpose of each cookie on your website in your policy. Also mention what sort of data it collects, how far the cookie tracks the user, and how it functions when the user accepts or declines the cookie consent. This builds trust, and users may then accept your request for consent to collect data.
#5 Anonymize PII (Personally Identifiable Information)
This acts as an extra security layer for a website in terms of privacy. Anonymizing the user’s IP address helps to hide personal (device identification) details. For marketing purposes, only demographics are needed, not device-specific details. This may help a website, at least to some extent, in case of data theft.
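One way to anonymize client IP addresses before they are stored, shown as an added example that is not part of the original article. It zeroes the host bits of each address; the /24 and /48 prefix lengths, the function names and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress

# Assumed prefix lengths (not from the article): keep the first 24 bits of an
# IPv4 address and the first 48 bits of an IPv6 address, zero the rest.
V4_PREFIX = 24
V6_PREFIX = 48


def anonymize_ip(raw, v4_prefix=V4_PREFIX, v6_prefix=V6_PREFIX):
    """Return the address with its host bits zeroed, or None if unparseable."""
    try:
        addr = ipaddress.ip_address(raw.strip())
    except ValueError:
        return None
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) embeds a full IPv4 address
    # in its low bits, so it must be masked with the IPv4 rule.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    network = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(network.network_address)


def scrub_log_line(line):
    """Anonymize the client field (first token) of an access-log line.

    Fails closed: a client field that is not a valid IP address (for example
    a resolved hostname) is replaced with "-" instead of being kept.
    """
    client, sep, rest = line.partition(" ")
    masked = anonymize_ip(client)
    return (masked if masked is not None else "-") + sep + rest


if __name__ == "__main__":
    # Constructed sample lines using documentation-reserved address ranges.
    sample = [
        '203.0.113.57 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512',
        '2001:db8:85a3:8d3:1319:8a2e:370:7348 - - [01/Jan/2024:10:00:01 +0000] "GET /a HTTP/1.1" 200 90',
        '::ffff:198.51.100.23 - - [01/Jan/2024:10:00:02 +0000] "POST /form HTTP/1.1" 302 0',
        'laptop-alice.example - - [01/Jan/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 512',
    ]
    for entry in sample:
        print(scrub_log_line(entry))
```

Apply the masking at the point where the address is first written (web server log, analytics event, database row), so the full address is never stored.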
All these changes will make your website much stronger in terms of privacy protection, which in turn attracts more traffic to your site.