The General Data Protection Regulation, or the GDPR, is expected to come into effect on May 25th 2018. The new privacy regulation law will majorly affect the digital marketing industry, as well as website designs and integrations. According to the GDPR Cyprus law, all companies whose website doesn’t already comply with the new set of regulations will have to introduce major changes in order to follow the privacy laws and restrictions.
Not only is the GDPR Cyprus going to impact the design of your website, but it will also affect the way you utilize other applications and track digital activity. The whole idea behind the new regulation law is to protect people’s personal data, which includes everything from their name and home address to their email address. In other words, the new law will require all businesses to offer transparent explanations and evidence of personal data usage and to give their audience complete freedom in choosing to opt in to or opt out of different marketing campaigns and newsletters.
How to make your website comply with GDPR Cyprus
Violation of the new law is going to lead to strict fines, which can sum up to over 20 million Euros. In order to avoid large fines, you should check your website to make sure it complies with all new regulations. Even though some sites already followed these rules before the GDPR, it is better to check yours before it’s too late.
The number one concept of the new regulation is allowing the audience to actively give consent to certain actions. Most sites used to take advantage of pre-ticked consent boxes when asking visitors to subscribe to the newsletter, and most visitors would give their consent without even noticing it because the box was already ticked. From now on, any inaction of that sort won’t be considered legal consent. The visitor will have to actively tick the consent boxes themselves if they want to accept your offer or request.
Furthermore, all requests for a visitor’s consent must be made separately. You can no longer ask the visitor to accept the Terms and Conditions and give their permission for contact by ticking the same consent box. These consent requests will have to be separated so that the reader has a clear view of what they are consenting to. This also allows for a better user experience in general, so it will definitely benefit your site.
Besides transparent consent forms, already subscribed users must have a clear and easily accessible way to unsubscribe, that is, to opt out of your subscription. The process of cancelling a subscription should be simple and fast, without requiring any additional information. Subscribers must have the option either to partially unsubscribe from some forms of communication or to stop the communication completely.
It will no longer be enough to mention “third-parties” in your web forms; you must name each party the user is giving consent to. You will also have to check the Terms and Conditions and the privacy notice of your site. Make sure all the information is transparent, concise and straightforward. Any inconsistency may be considered a violation of the GDPR Cyprus law.
Make sure to clearly explain what type of personal data the website retains, how long it keeps it stored and what the company does with all that information. To make things easier, you can use the sample of a correct privacy notice provided by the Information Commissioner’s Office. If your site accepts payments, you will have to make sure it does not retain any personal data while passing it through to the transaction gateway. If your site is capturing any of the users’ personal data related to payments, that is considered a strict violation of the new law. In that case you have to modify the site and program it to remove all data within 30 days.
Last but not least, you have to make sure you list all the third-party applications you use to track the site’s success and visitors’ behavior on it. This includes any third-party marketing automation software, including call tracking and lead tracking apps. Even though the providers of these applications promise their tools are GDPR compliant, you should still check all your contracts carefully to make sure you don’t miss anything. Using third-party programs brings along many GDPR compliance risks, so make sure you read every detail of your agreement with them.
It is mandatory for every business to check whether their site meets the GDPR requirements. The law is going to come into effect on May 25th of 2018 and all businesses violating its new rules will face strict fines. If you are curious about the ways you can ensure your site is GDPR Cyprus compliant or you need help regarding the regulations, feel free to contact us!