Are you on top of GDPR?

Make sure your company is GDPR compliant.

On 25 May 2018, the new European General Data Protection Regulation (GDPR) came into effect. The GDPR is in place to give EU and EEA citizens greater control over their personal data and the assurance that their information is protected across Europe.

Although it has been five years since the GDPR was introduced, Europe issued fines of more than 700 million DKK in the first six months of 2022, an increase of 92 per cent compared to the same period the year before. This means that even though the GDPR has been in force for a while, many companies still do not fulfil the legal requirements.

Your website and personal data.

GDPR requires you to be able to document how you collect personal data, for what purpose the data is collected, and how the data is processed. Therefore, you must ensure that you have a description on your website of how you handle personal data and what you use it for.

You might think that your website has nothing to do with personal data, but this is most likely not true. Do you have a contact form where your customers can get in touch with you? Then you are asking for personal data. Whether you are asking for a name, email, or phone number, you are asking for personal data.

GDPR and Cookies.

GDPR is an important topic for anyone who runs a website. Just the fact that your website uses cookies means that your website collects personal data. Using cookies can be a good idea to improve the user experience, for example by allowing a website to remember what you have put in your basket on a webshop. The GDPR does not put an end to the use of cookies; it just requires your visitors to actively consent to a cookie being placed on their device.

By extension, it is not enough to inform visitors that your website uses cookies. Visitors should have two options when they visit the website for the first time: accepting cookies or rejecting cookies. Therefore, it is also important that you have a cookie description or a cookie policy where visitors can read what you use cookies for.

Collect only necessary data.

Under GDPR, you must be able to demonstrate that the data you collect is necessary to provide a product or service. This means you need to be able to justify the collection of all data, so it is a good idea not to ask for more than you need. For example, if you have a call-me form, is there a real need for you to also get an email address and a company name? Or if you have a newsletter, do you need information other than the email address? If you do not require this information, then do not ask for it. By only asking for the necessary data, your visitors will also not question what you use the data for. This helps to build trust in your company.

Do you need help?

Would you like some help checking whether your website complies with GDPR? At design concern, we are ready to provide advice or update your website, so please write or call us for a non-binding talk.