General Data Protection Rules (GDPR) compliance required by May 25

May 4, 2018 · by Domains Direct · 3 min read General Data Protection Rules (GDPR) compliance required by May 25

Note: This is not legal advice, but a very brief guide to the requirements of the GDPR. Please consult a legal expert for further advice. Domains Direct won't accept liablity for any losses suffered as a result of following this article.

You've probably noticed those pop-ups on some sites asking for your consent to store cookies on your device. This requirement for sites operating in the European Union (EU) was introduced to protect users and their personal data.

If you conduct any business with private individuals in the EU you'll need to comply with the GDPR rules by May 25th, or risk potentially huge fines.

Fines of up to �20 million may be imposed by data protection authorities for any breach, as well as damages payable to any person that has suffered losses as a result of a data breach.

This affects you if you sell goods or services to a person who lives in the EU, or you monitor the behaviour of a person who lives in the EU, regardless of where you store or process personal data.

Visitor tracking

Cookies allow you to track users on your website by writing a small text file to their computer. If they return to your website you'll be able to identify them as a returning visitor. If your site uses cookies you'll need people's permission to track them.

Some examples of where cookies are used include:

  • Google Analytics
  • Social media share buttons (Like, Follow etc.)
  • Shopping cart software
  • User registration system

The rule here is: are you able to trace a cookie back to an identifiable person? So, for example, if your site has a user registration/login system, you'd be able to look up their IP address in Google Analytics to track their activity on your site; which they'd need to give consent for.

Similarly, if you use Google Analytics and you have data collection forms using a GET request (as opposed to POST,) for example, /subscribe? then Google is going to log that URL, which is traceable back.

Collecting personal data

If collecting any personal data, people must freely give their consent for you to collect and store it. This isn't just information they fill out on a form; it can include data they might not even know they're sharing.

The definition is fairly broad, but items can include a person's:

  • Name, address, phone, email
  • Salary or wage details, or credit rating
  • Medical details
  • Ethnicity, political stance, religious beliefs, sexuality
  • Images, voice, or video recordings
  • Employment details
  • IP address
  • Location data

Anonymised data is not included, provided there's no way to trace the data back to a person.

Grounds for data collection

In order to collect personal data, you must have legal grounds to do so. This could include:

  • Performing a contract
  • A person giving consent
  • You have a legitimate interest
  • You have an obligation to collect data
  • To comply with some law

Enable opt-in for EVERYTHING!

Once you have collected data for a specific reason, you cannot then process it for another reason, for example, if a customer purchases something from your website, you cannot then email them a newsletter or other promotional content later on without their consent. They must have specifically consented to joining your newsletter list.

Most importantly, pre-ticking boxes on web forms does not constitute consent.

This article was written based on information provided by the New Zealand Law Society. See here for further reading.

Conflicted Names Process Ended
Conflicted Names Process Ended
6,675 conflicted names were released on 27 October 2017, which are now free for anyone to register.
How to maximise your SEO for 2019
How to maximise your SEO for 2019
We cover the most important SEO criteria to implement to get your site ranked in 2019.
Free email services are damaging trust in small business
Free email services are damaging trust in small business
One thing that really makes me cringe is when I spot a small business, who have their own website Domain, but use Gmail, Yahoo, or Hotmail addresses for their email.
Why you should host your site on https (SSL)
Why you should host your site on https (SSL)
Google wants to make sure the sites they deliver in search results are secure. They've even made it part of their ranking signal. Find out why you should switch to https.
Domain Name awareness research 2017
Domain Name awareness research 2017
We look at some of the highlights of the NZRS Domain Name Awareness research completed last year.