How to make your website GDPR compliant

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area that comes into force on May 25th, 2018. It is considered to be the most significant piece of European data protection legislation to be introduced in the European Union (EU) in 20 years and will replace the 1995 Data Protection Directive.


The regulation contains requirements and provisions relating to the processing of personally identifiable information of data subjects inside the European Union.


How does that affect me?

When you collect data through your website, you need to be transparent about what information you collect from visitors, how you collect it and how you use it. In addition, your visitors must have a way to request all the data you have collected about them and have the option to delete it. If you fail to meet these requirements, you might be subject to big penalties from the appropriate authorities. That's why we prepared a few tips for you to follow when building your website.


Note: You are solely responsible for the compliance of your website with the GDPR. Any information contained herein is not legal advice and you should not rely upon it as such. We recommend that you consult with a legal representative for additional steps you need to follow.


Create a Privacy Policy Page

A privacy policy is a statement or a legal document (in privacy law) that discloses all of the ways a party gathers, uses, discloses, and manages a customer or client's data. It fulfills a legal requirement to protect a customer or client's privacy. We recommend that you have a clear and transparent privacy policy about how you collect and handle information through the website.


You need to list all third-party services that you use to collect personal information such as email, name, phone, address etc., along with any tracking software and technologies, and link to their privacy policies. Make sure that all of those third-party services are GDPR compliant. Keep your policy clean and easily understandable. You also need to explain your use of cookies, state that they are being dropped in the visitor's browser, and explain how visitors can remove them.


For example, to give you insights on your visitors, the built-in analytics in Simvoly uses cookies and sends information regarding the visitor's screen, browser, device and visited pages to our servers. You need to explain that to the user and give them the option to disable such reporting. This option is available as a popup which will ask the users if they want to enable or disable such reporting. To include it in your policy, just create a link (or a button) and link to that option by selecting a link -> popup -> "Setting to Enable / Disable Visitor Analytics". You need to explain your use of all other reporting tools too, like Google Analytics or Facebook Pixel.

Keep in mind that all of these are just recommendations and not legal advice.


Always ask for consent 

You need to establish a legal basis for processing your visitors' personal data. There are different ways in which you can do it, and requesting consent is only one of them. To be fully compliant we recommend you seek legal advice.


You can collect data through Simvoly in one of the following ways: forms, e-commerce, membership registration or by integrating third-party code via the Code/Embed widgets. You should always ask for 'explicit consent' to send promotional materials to the customers, and this should all be outlined in the Privacy Policy or the Terms and Conditions of your website. To do so you can add a disclaimer to the subscription button or a checkbox to agree to receive marketing materials of any sort.

Or, if you integrate with Mailchimp, you might want to enable double opt-in through Dashboard -> Applications -> Mailchimp settings -> Enable double opt-in.


The right to access your data 

With the new regulation, all customers have the right to receive a copy of all their personal data stored and processed by you. You should give your users a way to request or delete their data. For example, create a form on your website where customers can request their data (have a look at ours).

When a customer requests their data, you should give them a copy of all personal data that you hold about them. This can be data stored in different locations (like your autoresponders, information in CRMs or their data in our platform). To request the available personal data that is stored on our servers, go to Website Settings -> Advanced -> Request Customer Data at the very bottom. Within 72 hours we will provide you with all the data that we have for the specific customer (identified by email) on your website. You can then provide that data in addition to all other data that you might have collected via third-party services.


Note: When you request a data deletion, it might take up to 60 days for the complete removal from all of Simvoly's systems.
