GDPR is approaching quickly, with May 25, 2018, marking the start. However, from a webmaster’s perspective, it’s not as daunting as it might initially appear. We manage nearly a thousand websites for our clients, whether created by us or taken over, and an average website can be adjusted in about 2 hours of work. The core adjustment involves obtaining an unforced, voluntary consent for processing personal data.
The main adjustments needed include:
- Every contact form, comment form, and registration form must include a checkbox for GDPR consent, which must be unchecked and mandatory. The consent record for the webmaster must include at least the date, IP address, and the written consent.
- Any website that processes personal data, including web statistics, must have consent for data processing according to GDPR. The best solution is a cookie banner.
- Consent can be retained for a maximum of 3 years, so it’s important to monitor the timing.
- Newsletter sign-ups must include consent for receiving the newsletter, consent for data processing under GDPR, and double opt-in.
- Online chat must also have consent.
- Video recordings of visitor movements are no longer allowed.
- Ebooks and other documents cannot be downloaded in exchange for an email address. Emails must now be given voluntarily.
- Plus, many other minor adjustments and repeated consents for already collected data...
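The consent record and the 3-year limit from the list above can be enforced on the server rather than only in the form markup. The following is an added example, not code from any of the websites mentioned; the field names `gdpr_consent` and `email`, the checkbox value `on`, and the 30-day warning window are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=3 * 365)  # the 3-year maximum stated in the list above


@dataclass(frozen=True)
class ConsentRecord:
    subject: str         # who consented (here: the e-mail from the form)
    given_at: datetime   # date of the consent
    ip: str              # IP address the form was submitted from
    wording: str         # exact consent text shown next to the checkbox

    @property
    def expires_at(self) -> datetime:
        return self.given_at + RETENTION


def record_consent(form, remote_ip, wording, now=None):
    """Build the consent record; refuse the submission if the box was not ticked."""
    # An unticked HTML checkbox is absent from the POST body, so the mandatory
    # rule has to be checked here as well as in the browser.
    if form.get("gdpr_consent") != "on":
        raise ValueError("GDPR consent checkbox not ticked")
    now = now or datetime.now(timezone.utc)
    return ConsentRecord(form["email"], now, remote_ip, wording)


def needs_renewal(records, now, warn=timedelta(days=30)):
    """Records whose consent has expired or expires within the warning window."""
    return [r for r in records if r.expires_at - now <= warn]


if __name__ == "__main__":
    # Constructed sample submission (documentation-range IP, example domain).
    t0 = datetime(2018, 5, 25, tzinfo=timezone.utc)
    form = {"email": "visitor@example.test", "gdpr_consent": "on"}
    rec = record_consent(form, "192.0.2.10", "I agree to the processing of my data.", now=t0)
    print(rec.expires_at.date(), needs_renewal([rec], datetime(2021, 5, 1, tzinfo=timezone.utc)))
```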
For a webmaster, this means a few hours of work. For website operators, it’s more challenging. Companies that delegate personal data processing to processors (mainly for e-commerce cases) must enter into a so-called data processing agreement. Data processing agreements can be prepared either by yourself or by consulting with lawyers, costing a few thousand CZK. The processing agreement must be in written form and must explicitly state the scope, purpose, and duration of the agreement. Additionally, it must include the processor's guarantees regarding technical and organizational measures for personal data protection.