Is Your Website Ready for the GDPR?

Is your website ready for the enforcement of GDPR on May 25, 2018? The General Data Protection Regulation is designed to make digital privacy laws across Europe uniform, and compliance failures could potentially contribute to hefty fines.

Website content management and e-privacy policies are heavily affected by the new GDPR regulations. Here are a few of the things you will have to do to make sure your website is ready for the GDPR.

GDPR Provisions for Websites

Many websites require private data and permissions from visitors in order to function properly or provide relevant content. The GDPR will change the manner in which such website visitor information is being collected.

The new European regulations give internet users full control over their data and their e-privacy. Clear, easy-to-understand, and optional opt-in/out policies have to be implemented as a result of the new EU digital privacy laws.

Some of the most important ways in which GDPR compliance can be ensured include the following:

  • Active opt-in forms that enable the visitor to either subscribe or unsubscribe effortlessly
  • The addition of data encryption
  • The creation of a strong privacy policy/privacy statement
  • The provision of legal justification for personal and sensitive data processing
  • Allowing the deletion of customer/website subscriber information
  • The provision of easy opt out or withdrawal of permission

What to Do in Order to Ensure GDPR Compliance

The summary above gives you some idea about the website changes that will have to occur in order to ensure GDPR compliance. Let’s take a deeper look at the actual steps involved in making these changes happen.

The first and the easiest thing to do is to modify and augment your digital privacy and information handling policies. Luckily, the Information Commissioner’s Office has published detailed guidelines and examples of how a privacy notice is to be written. To be on the safe side, you should also consult an experienced attorney who can help you craft an effective document that is GDPR-compliant.

Cookie policies are also to be thoroughly outlined in the notice!

Next, consider getting an SSL (TLS) certificate, which lets the site serve pages over HTTPS and encrypts sensitive data in transit between the visitor and the website. It’s easy to see whether a website has an SSL certificate: when one is in place, the browser shows the little padlock symbol in the address bar before the URL.

Changing all website forms is another very important part of ensuring compliance.

Based on GDPR requirements, website forms can no longer feature pre-ticked boxes (you probably have seen pre-ticked boxes for newsletter subscriptions or for the sending of marketing information to new website members).

The aim of the GDPR is to enable websites to provide specific consent options for every potential interaction with the website. Pre-ticked boxes take away some of that freedom.

Specific consent is also needed for sharing user information with third-party service providers. In addition, consent should be easy and effortless to withdraw. Website owners should make sure that their visitors and subscribers know they can withdraw consent at any time and they should also outline the consent withdrawal procedure that is to be followed.

A few other things to address include IP tracking, the use of personal data for re-marketing, and the manner in which data breaches are going to be reported and addressed.

GDPR aims to ensure transparency and simplicity as far as e-privacy is concerned. This means that every policy and term and condition on the website will have to be revisited and rewritten. Don’t hesitate to introduce these changes – as already mentioned, compliance failures could have serious consequences.

Privacy Notices Under GDPR: How to Draft a Compliant Statement

The deadline for the enforcement of the new General Data Protection Regulation (GDPR) is fast approaching and many businesses are still unprepared to address new privacy concerns and requirements.

GDPR changes are going to have the most profound effect on privacy policies and notices. The GDPR privacy notice has a couple of specifics that make it different from previous versions of the document. Currently, a privacy notice template is made available by the Information Commissioner’s Office. This is one of the official sources of information you can rely on to ensure compliance. Other privacy notice forms you find online could potentially be outdated, which will lead to a GDPR compliance failure.

What Does a GDPR Privacy Notice Have to Feature?

The aim of GDPR is to give internet users and website visitors full control over the manner in which their personal data is being used. The rights of website visitors, customers, and subscribers should be presented in a comprehensive privacy notice.

The privacy notice is a public statement that focuses on how personal and sensitive data protection principles will be applied in reference to the website’s functioning.

According to articles 12, 13 and 14 of the GDPR, a website’s privacy policy should be:

  • Concise and written in a language that’s easy to understand
  • Transparent and readily accessible on the website
  • Free of charge
  • Written so that a child could understand the information contained in it

There are numerous important questions that website privacy terms and conditions have to address in order to ensure GDPR compliance. A few of these key issues include:

  • Information about the entity that is collecting data and how this data is going to be used
  • What is the legal basis for the collection and the processing of personal or sensitive information
  • Is the information going to be shared with third parties, how and why
  • The amount of time during which personal and sensitive data is going to be stored
  • The rights of the individuals who share their sensitive data with the entity
  • The manner in which a complaint can be filed
  • The manner in which website visitors can consent or withdraw consent to data collection

Drafting a GDPR-Compliant Privacy Policy

Most often, privacy notices are copy-pasted or filled with jargon to the point that they become completely illegible.

If your privacy notice isn’t simple, straightforward and well-written, you will have to rework it.

All manners in which personal data is going to be collected and used will have to be outlined. This means that if you use third-party products on the website (Google Analytics, email newsletter software) that require visitor information, your visitors should be informed.

A generic privacy policy is no longer going to cut it. It has to be specific and it has to provide details about the entity behind the website, the purpose of the website, data collection practices and the numerous ways in which such information is going to be used to enhance the visitor’s experience.

Official privacy notice templates can be quite helpful when attempting to draft a brand new document. In the absence of legal knowledge or experience, however, you may want to seek professional assistance. There are fines and penalties for compliance failures, which is why you can’t leave the drafting of your privacy notice to chance.

Removing Negative and Defamatory Content from a Site

As social media and innovative digital channels have come into existence, people have had to deal with issues like negative comments and even online defamation. While there aren’t official statistics in the US, online defamation grew 23 percent in the UK in a single year as a result of digital communication.

Online defamation law makes it possible to get sued over comments published on your website or social media profiles. At the same time, many website owners are hesitant about content removal because such interventions do affect the freedom of expression.

If you have a website or any other type of online presence, you will have to deal with negative or defamatory comments sooner or later. Here’s how to handle the task in the best possible way.

Online Defamation Laws

While defamation regulations are pretty much straightforward, cyber defamation is more difficult to address. The manner in which online comments are handled will depend upon your location, the location of the commenter, and whether their identity can be pinpointed.

Things become even more interesting when you add the Communications Decency Act to the mix. The act exempts website hosts and ISPs from most defamation cases. Thus, website owners and bloggers will be the ones who will typically be forced to deal with the situation.

Content Removal to Deal with Defamation: How to Do It Properly

Defamation online can be widespread because of the sense of anonymity people get in their digital communication.

As a website owner, you have the right to deal with negative, racist, sexist, or otherwise unacceptable or illegal comments. To give visitors a good idea about what’s permissible and what’s not, you should have a well-drafted terms and conditions page.

Even if the website provides visitors with an opportunity to write comments, blog posts, or share any other type of content, such activities should be controlled via a set of rules aimed at ensuring quality and reducing the risk of online defamation.

The Communications Decency Act does offer a range of protective provisions to website owners. Still, you may experience problems as a result of:

  • Intellectual property claims whenever something published on your website is copyrighted
  • Specific encouragement of the publication of defamatory or illegal content (in this instance, CDA protections will not apply)
  • Creating content that is illegal or defamatory
  • Committing a violation pertaining to state or federal criminal law (especially when a comment or a piece of content relates to either the exploitation of children or obscenity)

Authors are not protected from liability under CDA. This is especially true when the identity of the author can be verified. In such instances, it would be best to communicate with the respective person and ask them to remove the defamatory information voluntarily.

If it’s not possible to get in touch with the author or they refuse to take down the content, a website admin should go ahead and remove the respective text, image or video. This is completely permissible if the website’s terms and conditions outline the procedure and the situations in which it’s going to be enforced.

When you fail to do the right thing, you may face more serious consequences. It’s possible for a person affected by defamation to obtain a court order for the removal of a particular URL from online searches. As a result, you may lose traffic and experience problems with website development. To avoid such complicated legal scenarios, it would be best to address online defamation on your own.