General Data Protection Regulation (GDPR)
GDPR Regulation 25.05.2018 - Personal Data Protection Act on website and online store
The long-awaited "Personal Data Protection Act" has not only been in force since May 25, 2018, but is already in its heyday, and warnings about upcoming fines have begun to reach the giants in online circles.
With GDPR in force comes a problem for all Bulgarian online retailers, both those with existing websites and those that are about to create a brand new website design: the changes they have to go through.
What changes must be made to the website to comply with the GDPR?
Let's take a general look at the logic of the new regulation.
Every user should know the following at all times:
- What personal data will be stored or is already being stored about them;
- How it is collected;
- Why it is stored and for what purpose;
- How a user can disable tracking by the different tracking codes;
- How a user can ask what data the site/store stores about them, who administers the data, and how it is stored.
Cookies are grouped into four categories in total:
- Important cookies - fully related to website functionality: account identification, language, currencies, user session, etc.
- Effective cookies - these are used to remember personal settings for the site. For example, an online store can save the data you enter when placing an order, such as a phone number.
- Analytics and Advertising Cookies - most commonly, all tracking codes from Facebook, AdWords, and other sources that offer statistics on how the site is browsed are included here. Their purpose is to give more information to the "analyzer" of the website so that more work can be done on the convenience of the experience while browsing the site.
- Advertising Cookies - these are the cookies that are used by and provided to third parties, for example for email marketing, Google AdWords, Google AdSense advertisers and other companies offering "outdoor advertising". Interestingly, the regulation states that the site has an obligation to verify that the third-party services it uses also comply with the regulation. That is, if Google AdSense violates the regulation and we provide it with personal information taken from our website, then we are also in violation of the regulation.
All cookies should be listed: what they are called, what type they are, what purpose they serve, how long they last, and who has access to them.
If the website has no automated way to handle such inquiries, a separate form can be added through which each user can send a request to the contact e-mail. Each user has the right to request to be forgotten, to have their data deleted, or simply to inquire about the data stored about them.
The customer enters personal data in a field of the site
Personal Information means any information relating to an identified or identifiable living natural person. Individual data which, when aggregated together, may lead to the identification of a specific person, is also personal data.
This definition also includes the data that the client fills in when using a contact form such as:
First Name, Last Name, Email, Phone, and IP Address
This means that any website, even one that uses only a contact form, is still considered a "Personal Data Administrator". Even if emails are not stored and are deleted, the customer has already sent their data digitally.
From this, we should conclude that each field in which the user enters the above data must be accompanied by a checkbox and text stating that they agree to the provision of personal data.
The same checkbox must appear on the "Account Registration", "Game Participation Pages", "Online Store Order Page", "Newsletter Subscription Window" and other fields in which a similar type of personal data is entered.
If you need advice or consultation, feel free to contact us.