Is your website GDPR compliant?
Find out what to change to make your website GDPR compliant
What is GDPR?
GDPR, or General Data Protection Regulation, is the European regulation for personal data protection, which was effective from the 25th of May 2018.
On the 9th of July 2021, GDPR was updated and new guidelines on cookies (Cookie Law) were published. This update was considered necessary because of several factors, among which:
- Growing usage of particularly invasive trackers.
- Multiplication of users’ digital identities.
The owners of the sites will have time until the 10th of January 2022 to conform to the updated Cookie Law.
The 3 types of cookies in the Cookie Law
- Profiling: they are used to trace users (identified or identifiable) to particular actions or behavior patterns during website usage, in order to profile a specific user (for example, by identifying their shopping habits, interests, and orientations, to then send personalized promotional messages).
- Third-party: they are installed on our website by external systems, for purposes and with processing methods over which we have no direct control (for instance, by using Google Analytics we are installing cookies on our visitors’ computers from a different domain, in this case “google-analytics.com”).
- Technical cookies: they provide the user with some features that facilitate navigation (for example, selecting the language in which they want to browse the site without having to set it). If you use technical cookies, it is not necessary to obtain explicit consent from the user, as it is sufficient to only provide the information.
What are the requirements to make your website GDPR compliant?
Cookie Banner
The banner must be shown by a website on the user’s first visit and must include information about:
- A short notice on the cookies the site uses and their purposes.
- A link to the cookie policy (which must in turn indicate any other recipients of the personal data, the retention periods, and how users can exercise their rights).
- A clear indication that by continuing on the site the user consents to profiling.
- A link to an area where the user can select the features and the categories of cookies to install.
- A control to reject or accept cookies.
On subsequent visits, the user must not see the cookie banner, but will be able to access the privacy/cookie policy and change their preferences.
Consent
- Consent through scrolling is no longer valid.
- Cookie walls will be illegal (unless the website offers the user the possibility of accessing equivalent content or an equivalent service without having to give their consent).
- At least 6 months must pass before asking for consent again.
- The website owner must be able to provide proof of the user’s consent according to GDPR standards.