EU’s general data protection regulation will affect your web services
‘Much has been said about the GDPR. In a nutshell, it is a regulation from the European Commission that replaces the old data protection regulation and will, in equal measure, expand the existing policies. The many privacy rights provided by the GDPR mean that any person becomes the owner of any data collected about him or her. Should the individual choose to exercise those rights, the data collector or processor must be able to comply.’ Comment by Anna-Riitta Vuorenmaa, partner at Privago and Allan Sørensen, Chair of IAB Europe’s Policy Committee.
Whether you’re a big or small company you must get consent from your visitors to collect any information or data from them.
Even if you only have installed Google Analytics or social media sharing buttons like Facebook or Linkedin ‘like’ buttons on your site, you still have to ask consent from all who are visiting your site. When the consent is collected, our solution remember your visitors consent and don’t ask it again. Be aware that a company or a site owner still has the responsibility when applications or systems collects data. Many plug-ins and free tools usually collects user data and with this service you have control what information will be passed through.
Online Data collection governed by GDPR and the E-privacy directive:
– E-Privacy Directive sets the ’consent’ requirements
– GDPR requires ‘unambiguous’ consent through clear, affirmative action
If relying on implied consent, consider timing of cookie drop
But don’t worry, we have easy plug and play solution ready for you and your site.
If your site collect any personal information you just need to fill out one form and order a script to your site. After it has been installed, your site will be GDPR compliant.
Relevant Consent help you to easily comply with the GDPR and other data privacy regulations, assess privacy risk and to stop unauthorized website trackers from following your visitors.
Cookies are mentioned only once in the EU General Data Protection Regulation (GDPR), but the repercussions are significant for any organisation that uses them to track users’ browsing activity.
Recital 30 of the GDPR states:
Natural persons may be associated with online identifiers […] such as internet protocol addresses, cookie identifiers or other identifiers […]. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.
In short: when cookies can identify an individual via their device, it is considered personal data.
This supports Recital 26, which states that any data that can be used to identify an individual either directly or indirectly (whether on its own or in conjunction with other information) is personal data.
What it means
Not all cookies are used in a way that could identify users, but the majority are and will be subject to the GDPR. This includes cookies for analytics, advertising, social media and personalisation or functional services, such as surveys, recommendations and chat tools.
To become compliant, organisations will need to either stop collecting the offending cookies or find a lawful ground to collect and process that data. Most organisations rely on consent (either implied or opt-out), but the GDPRs strengthened requirements mean it will be much harder to obtain legal consent. The consequences of this were discussed during the 2016 Data Protection Compliance Conference and its findings described by Cookie Law:
– Implied consent is no longer sufficient. Consent must be given through a clear affirmative action, such as clicking an opt-in box or choosing settings or preferences on a settings menu. Simply visiting a site doesn’t count as consent.
– ‘By using this site, you accept cookies’ messages are not sufficient for the same reasons. If there is no genuine and free choice, it is not a valid consent. You must make it possible to both accept or reject cookies.
– It must be as easy to withdraw consent as it is to give it. If organisations enables visitors to block cookies who doesn’t want to give their consent, they first have to enable the visitor to accept cookies.
– Sites will need to provide an opt-out option. Even after getting valid consent, sites must give people the option to change their mind. If you ask for consent through opt-in boxes in a settings menu, users must always be able to return to that menu to adjust their preferences.
Relevant Consent Unique Features
– All sites are unique and a visitor preferences are treated individually
– Full transparency for all services
– We help you – the solution is serviced and fully supported
– Handling all types of web services (Advertising, Analytics, Personalisation, Functionality, Social Media Sharing)
– Customise the cookie consent service to your website: design and style, wording, logo, categories
– A/B testing available
– Database of 1.160 trackers available
– Full GDPR and ePrivacy (when introduced) website compliance
Read more about the full solution here.