With the EU GDPR (General Data Protection Regulation) deadline of May 25 quickly approaching, I thought it extremely appropriate that I outline the methods we are using here – on a new website – to ensure our compliance with this legislation. Even though we are based in Australia, the Internet is Global, and since our target audience also includes people in the EU… so we DO have to try to comply with the new rules.
To be honest… it seems to be quite SIMPLE to do, so I’m not sure why people have been jumping up and down about it all. But that said, I am not a lawyer LOL so I could have it all totally wrong!
Now, remember I am using the services we provide here @ YBI as examples to show how we comply.
So, in a nutshell, here’s what we’ve done.
ANYTIME we request personal details here – name, email etc., we make sure that:
- we try to use a CONSENT CHECKBOX on the form requesting the service
- we try to use DOUBLE OPT-IN email confirmation for the service requested
- BOTH the instruction and thank-you screens specify that “CONSENT” is provided to us to deliver that service IF you click the CONFIRM link
- we provide a link so the user can VIEW the information we have
- we also provide a method so the user can easily REMOVE that information, and
- all this is also outlined on our PRIVACY page.
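The consent checkbox, double opt-in confirmation, view and remove steps above fit together as one small flow. As an added example (not code from the YBI site; the names ConsentStore, request_signup, confirm, view and remove, the 48-hour link expiry and the in-memory dictionaries are all assumptions for illustration), here is how that flow can be implemented server-side so that the checkbox is enforced, the confirmation link is single-use and time-limited, and only a hash of the link token is stored:

```python
import hashlib
import secrets
import time
from dataclasses import dataclass, asdict
from typing import Callable, Optional

# Assumed policy for this example: confirmation links expire after two days.
TOKEN_TTL_SECONDS = 48 * 3600


@dataclass
class ConsentRecord:
    email: str
    name: str
    purpose: str                        # what the person consented to, e.g. "newsletter"
    requested_at: int                   # unix time the form was submitted
    checkbox_ticked: bool               # explicit consent given on the form
    confirmed_at: Optional[int] = None  # set only when the CONFIRM link is used


class ConsentStore:
    """In-memory stand-in for the site's database (hypothetical helper)."""

    def __init__(self, now: Callable[[], float] = time.time):
        self._now = now                                 # injectable clock for testing
        self._records: dict[str, ConsentRecord] = {}    # email -> record
        self._pending: dict[str, tuple[str, int]] = {}  # sha256(token) -> (email, issued)

    @staticmethod
    def _token_hash(token: str) -> str:
        # Only the hash is stored, so a copy of the database cannot be used
        # to confirm a subscription on someone else's behalf.
        return hashlib.sha256(token.encode()).hexdigest()

    def request_signup(self, email: str, name: str, purpose: str,
                       checkbox_ticked: bool) -> str:
        # The checkbox is enforced here, not just in the browser form.
        if not checkbox_ticked:
            raise ValueError("consent checkbox must be ticked")
        email = email.strip().lower()
        issued = int(self._now())
        self._records[email] = ConsentRecord(email, name, purpose, issued, True)
        token = secrets.token_urlsafe(32)   # unguessable value placed in the CONFIRM link
        self._pending[self._token_hash(token)] = (email, issued)
        return token

    def confirm(self, token: str) -> bool:
        # pop() makes the link single-use: a second click cannot re-confirm.
        entry = self._pending.pop(self._token_hash(token), None)
        if entry is None:
            return False
        email, issued = entry
        rec = self._records.get(email)
        if rec is None:
            return False
        if self._now() - issued > TOKEN_TTL_SECONDS:
            # Stale request: discard the unconfirmed details rather than keep them.
            if rec.confirmed_at is None:
                self._records.pop(email, None)
            return False
        rec.confirmed_at = int(self._now())   # the moment consent was confirmed
        return True

    def view(self, email: str) -> Optional[dict]:
        # "View the information we have": everything held about this address.
        rec = self._records.get(email.strip().lower())
        return asdict(rec) if rec else None

    def remove(self, email: str) -> bool:
        # "Easily REMOVE that information": drop the record and any pending links.
        email = email.strip().lower()
        existed = self._records.pop(email, None) is not None
        self._pending = {k: v for k, v in self._pending.items() if v[0] != email}
        return existed
```

The confirmation e-mail would carry the token returned by request_signup in its link; the store never keeps the token itself, and confirmed_at gives the timestamp a privacy page can point to as the record of consent.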
On that privacy page we specifically mention ALL of the places where WE might collect personal information, and what we DO with it.
In our case, we collect such details when people:
- use our contact form (consent requested via checkbox on contact form)
- register as a member (consent requested via checkbox on form, AND with double opt-in)
- sign up for our email newsletter (consent requested via double opt-in)
- website log files and cookies (you can’t use the service without these – DER!)
- use our social media platforms (consent must be assumed to be given IF you subscribe/follow surely???)
and what they need to be aware of for each instance!
And, considering we have good security in place to prevent hackers getting to our data here (i.e. Wordfence among other measures) then I think we’re good to go!
So there you are! GDPR compliance seems simple enough 🙂
Considering we have always used double opt-in for our email subscriptions, that is probably enough to assure compliance. However, adding the checkbox wasn’t that difficult to do, and just adds another layer of awareness (and spam / bot prevention) to our sign-up routines.
It seems the only ones that might get upset about this are the single opt-in people… But since I have never wanted spam addresses or bots signing up to my system, I say who cares LOL
I think the whole thing is also a great public education campaign… people MUST be made more aware of how their “privacy” is impacted online… and how their information is being used.
At the very least, websites which do NOT have such measures in place, will stand out and could probably become “less trustworthy” over time because they don’t appear to care about the user’s privacy 🙂
And that is not a good place to be!