GDPR summary – Key requirements
AVG / GDPR in short
In brief:
- Since May 25, 2018, your website must meet the requirements of the AVG (Algemene verordening gegevensbescherming), which is the Dutch name for the European GDPR (General Data Protection Regulation).
- This law protects the privacy of citizens and applies in the same way throughout the European Union.
- This article is aimed at customers of Pink Sun Webdesign and gives a short, to-the-point overview of the requirements their website and business operations must meet. Do you want more depth? Then the website autoriteitpersoonsgegevens.nl (the Dutch data protection authority) is THE place where everything is explained in great detail. Also read their fairly simple step-by-step plan.
1. Privacy statement
You need a privacy statement. Safe internet (Veilig internetten) is an initiative of the Dutch government. If you enter on that website how you conduct your business, it generates a privacy statement that is reasonably legible and covers the requirements.
You can of course adjust the text of this statement, as Pink Sun has done in its own Privacy Statement.
2. Security
Make sure your website is properly secured:
- In my blog post about the secure connection I already advised getting one (an SSL/TLS certificate, so that your site is served over HTTPS). If you have contact or sign-up forms on your website, HTTPS is required: without it, everything a visitor types into a form travels over the internet in plain text.
- Your website needs to be updated regularly. If you do not perform these updates of WordPress and its plug-ins yourself, a maintenance contract is no longer a luxury but a must.
(All Wix websites are updated automatically by Wix and come with an HTTPS connection as standard, as part of the hosting package.)
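For a self-hosted WordPress site, "HTTPS is required" concretely means that plain HTTP must no longer serve the pages that carry forms. The configuration below is an added example, not from the original article or from Pink Sun; it assumes nginx, a hypothetical domain example.com, a certificate already obtained (for instance via Let's Encrypt) at the paths shown, and PHP-FPM listening on the socket shown. It puts the weak setup (forms over HTTP) next to the corrected one (redirect plus TLS):

```nginx
# Added example, not from the original article.
# Assumptions (hypothetical): domain example.com, WordPress in /var/www/wordpress,
# certificate at the Let's Encrypt paths below, PHP-FPM on /run/php/php-fpm.sock.

# BEFORE (weak): the site, including its contact form, is served over plain HTTP.
# Every form submission crosses the network unencrypted.
#
# server {
#     listen 80;
#     server_name example.com www.example.com;
#     root /var/www/wordpress;
#     index index.php;
#     location / { try_files $uri $uri/ /index.php?$args; }
# }

# AFTER (corrected): port 80 only redirects; all content is served over TLS.
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name example.com www.example.com;
    root /var/www/wordpress;
    index index.php;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Tell browsers to use HTTPS only for this host for one year.
    # Enable this only after you have confirmed the HTTPS site works.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }
}
```

Check the file with `nginx -t` before reloading. After the switch, also set the WordPress Address and Site Address in WordPress to the https:// version and look for mixed-content warnings in the browser; a page that loads over HTTPS but pulls in scripts or images over HTTP still gets flagged as not secure. HTTPS only protects data in transit; it does not replace the regular updates mentioned above.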
3. Data processor agreements
You need data processing agreements (verwerkersovereenkomsten). Third parties that process data on your behalf may have access to the personal data of your customers.
It must therefore be clearly agreed with those parties how they will handle that personal data, and who is liable.
An example is sending a newsletter via Mailchimp: you can conclude a data processing agreement with them directly online.
You must also conclude these agreements with your host, your website builder and anyone else who has access to your website, if you collect personal data through your website.
Wix customers can find the Wix data processing agreement on the Wix website.
4. Forms in accordance with the AVG / GDPR
If you have forms on your website, they must be accompanied by a short text that states what you will do with the data the visitor enters there.
You may also only ask for information that is relevant to the purpose. So no telephone number, for example, when someone signs up for a newsletter.
(How often does it happen that you suddenly receive anonymous calls after you had to write down your telephone number somewhere in a mandatory field?)
5. Cookie Notice
You are required to state which cookies you use on your website.
Pink Sun's customers all choose not to advertise on their website and, as far as I know, do not sell personal data to third parties.
In that case, it suffices to state in the cookie notice that you only use cookies for ease of use (functional cookies). Such cookies are anonymous and do not require consent.
6. Adjust Google Analytics
If customers use Google Analytics, I recommend changing the settings at Google (such as anonymizing the IP addresses that are collected) so that the data gathered by the cookies remains anonymous.
In that case you do not, in principle, have to add complicated settings (or have them added) to your cookie notice, and it is sufficient to write, for example:
On this site we use cookies to analyze traffic, remember your preferences and offer you optimal ease of use.
7. Report data breach
Has your website been hacked? Have you lost an external hard drive containing other people's personal data?
Report the data breach to the Autoriteit Persoonsgegevens within 72 hours of becoming aware of it.
picture: Swallows underground Berlin
photography Renee Verberne