Probably everyone has heard about GDPR, and many companies have already updated their online presence in compliance with the new rules. But if you are still not familiar with this innovation, Redwerk will clarify what’s happening.
GDPR stands for General Data Protection Regulation that came into force on 25 May 2018 and was directed to the protection of personal data processing of all European citizens.
New rules allow EU residents to control the transmission of PII (name, email address, location and other information through which the identity can be determined) to companies that collect and store it for their purposes. GDPR requires the user’s confirmation of the processing of his/her personal information in the form of agreement or explicit actions. Besides, now every person has the right to know whether his/her information is transmitted to third parties and can request to change or delete all the data.
According to new laws, all European companies and also foreign organizations that do business with EU should follow GDPR. In case of non-conformity with the rules or other infringements related to the personal data, companies will have to pay huge fines that can reach 20 million Euros or 4% of the annual profit.
Redwerk, as an outsourcing software development company, works with clients from all over the world. And approximately half of those are from EU countries such as Germany, Netherlands, Belgium, etc, so we have to dig into GDPR. We have carefully studied the official documentation, reports, articles on this hot topic, and have stopped at 6 must-have actions to be GDPR compliant for companies and agencies like ours, and it turned out to be not so painful at all!
Privacy Policy
First of all, companies should revise their data collection and processing methods. According to the new rules every company that deals with Personal Identifiable Information (PII) and non-PII has to describe in clear and straightforward way how they collect, process and store the data. So, we started with double checking all the way we receive data and updated corresponding passages in our Privacy Policy. We also added information on how users can control data collection, what rights they have and whom to ask in case of any issues.
You should take this changes seriously. It seems like an easy shot, but you have to know what happens to all the data you collect around your website. Privacy Policy is the first thing your visitors face to, and it should provide truthful, understandable information and all needed contacts.
Cookies
Come to the GDPR side, we *still* have cookies!
Cookies can give a great deal about the identity. Passwords and logins are stored in cookies too, so they are considered as personal information that should be protected. GDPR obliged all businesses to show what information can be collected via cookies, what services have access to the data and how they use it.
If your company collects advanced analytics or excessive data through the cookies, you have to add detailed information about its usage. You can either create a dedicated Cookies Policy or compliment your freshly updated Privacy Policy with information about cookies. Besides that, any website should ask for consent for using cookies and describe the ways to avoid collecting them.
Since we are only collecting the basic set of cookies and essential data for Google Analytics, we have updated Cookies section on our policy page and have added the necessary permission to collect cookies on all our websites.
Contact Forms
Two words – explicit consent. It means that visitors of any website and users of any service should understand what will happen with the data they enter voluntarily. GDPR stands for asking and re-asking website visitors whether they want to share anything about themselves. Better safe than sorry, there should be no assumptions of person’s data collection.
Ask any digital marketer, and he/she will tell you that any additional click reduces the overall conversion level, but rules are rules. We added a GDPR Agreement checkboxes to all our contact forms. Now users confirm the consent to provide their personal information to respond to their requests.
And requests are still coming 😉
Subscribers and leads
Let’s be honest, nobody wants to lose the precious contact list collected for years. But one of the main points of GDPR is not keeping excess data and data you don’t need.
So, one of the next stages was the revision of Redwerk’s contact database and deleting all information about people we hadn’t contacted for over two years, who didn’t answer our letters over a year and contacts that didn’t have the source tag.
But CRM isn’t the only contact database we have. There’re also newsletter subscribers, thousands of them. Widely spread solution was to mail everyone and ask to update newsletter settings. And that is exactly how you got all those “Let’s be friends” letters.
While GDPR doesn’t claim that you have to update the consent of each and every subscriber in your database, there are some basic rules. And the most important is that one about double opt-in for all subscribers.
Though email subscription check became a must-have condition for any company with an organic database more than 2 years ago, there are still websites that avoid it. So, if you haven’t got it already, now it’s high time to add double opt-in to all your newsletter requests and forms. Not having it is literally illegal.
At Redwerk, we integrated double opt-in subscription forms long ago. So, the only thing we had to do is to double-check them to avoid the collection of PII without human confirmation and to wipe out all the old contacts we were not sure of.
GDPR Informing
Now back to the part that everyone hates and jokes about. Remember myriads of “We updated Privacy Policy” letters? Nobody was happy sending those, but it had to be done in conformity with the law.
Depending on what services a company provides it had to send the updates of policies or add changes in term and conditions and then send it to their user base. Many companies have decided to cover all bases and have made global changes, informing everyone ever happen to be on their lists. But that’s another extreme, that GDPR calls to avoid.
At Redwerk we have decided to keep it as clean as possible, and after we had swept our database from old and excessive data, we prepared and sent a mailout with our Privacy Policy updates to all the EU & EU-connected citizens. We also included an explicit appeal to completely remove their personal information from Redwerk’s contacts due to GDPR rules.
Data Processing Culture
To complete our GDPR campaign, here at Redwerk office, we organized a team meeting and talked about the importance of protecting personal data processing and how we adhere to the new rules.
One more required condition for companies that have business relationships with EU countries and process personal information of European citizens is the availability of data protection officer. His/her responsibilities cover managing data processing, controlling GDPR compliance and being responsible for the protection of personal information. But it is a requirement only for companies with more than 250-heads team or those specialized in data processing.
What can happen if you are not GDPR-friendly?
With the current amount of information that is freely distributed on the web, most companies, even giants like Facebook, Google and US news websites did not take this new policy seriously and have already faced fines and blockings. It shows that GDPR is an essential innovation in the information field and everyone should observe it without exception (even if you have zero to none chance of getting European clients).
Don’t be shy, just comply!
Being a modern software development company means working with clients from around the world and dealing with various legal tides on a daily basis. But if you think that GDPR doesn’t concern you, you are utterly wrong. Even the slightest chance having a EU client obliges businesses to follow the new rules.
So, revise information management on your website and internally care about personal data of all your contacts and feel free to use Redwerk’s formula of essential GDPR-changes.
About Redwerk
Our close-knit team of first-rate profs offers a wide range of services, among which, we are proud to mention, Web and E-commerce development. We anticipate every action of the guest of your site, think through logic, dynamics, convenience. Trust us your idea, outsource web application development to our team, then your project will come to life. And on top of that, Redwerk techno-geeks has accumulated sufficient experience in the E-commerce software development and are here to lay out the best e-commerce solution for you to run your business online successfully.