Welcome to the World of GDPR-Compliant Websites


Facetiously, cybercrime is a thing of the past. In Europia Utopia, families can skip about using the Internet on their mobile devices without fear of malice.

Virtually everyone with a website, and certainly those with e-commerce sites, have had their noses pressed to their computer displays and fingers glued to their keyboards for weeks, if not several months. General Data Protection Regulation (GDPR) is the most significant change to the Internet in over 20 years.

Surfing the Internet used to be like slow dancing with pickpockets when it came to visitor data. Sophisticated programmers would extract as much information as they could from you, often without your ever noticing it was gone. And these were not even the malicious hackers. When you intentionally shared data, it could be dispersed far and wide. It’s enough to make you fearful of the well-intentioned.

World of GDPR Compliant Websites

The global website change is not a graphic style update like the use of drop shadows or Adobe Flash, though some people may use the opportunity to modernize site designs. This change is much more subtle. Yet, it has the potential to end both illegal and legal businesses.

Europia Utopia

He who regulates the Internet rules the world. GDPR is the utopian European regulation developed to benefit residents of the European Union. It is in this dreamland that no harm can come to anyone using the Internet.

Do you believe cybercrime is a thing of the past? Are you safer now that May 25, 2018 has arrived? This is the date Europe set a precedent by effecting global compliance with GDPR. It adds teeth to the demand with ferocious 6- to 7-figure fines for non-compliance.


Global companies with a footprint within the European Union will be the first to feel the bite. Next up are corporations with 250 or more employees. Such companies are spending millions up front to keep from being bitten twice. Sole proprietors and freelance site operators are also under scrutiny.

“It doesn’t matter if the company is in Europe, outside of Europe, or on some island,” says Dr. Christoph Bauer, CEO of ePrivacy. “If the services are offered to European customers, they need to follow the law.” So if your e-commerce shop is available in Europe, you probably have to comply with GDPR.

Perhaps the only ones off the radar for now are some intranets (if they don’t hold customer data), old archived sites with neither cookies nor forum members, and sites without Google Analytics, visitor tracking or contact forms.

Prosecuting companies beyond European borders requires the cooperation of local governments, regardless of business size. Oddly, there may not be any compensation for the prosecutors or victims outside Europe. Only the attorneys, programmers and cybersecurity experts seem to be financially benefiting beyond the realm of Europia Utopia.

Building free apps to collect large databases of personal information, later leveraged for advertising dollars, is disrupted.

GDPR disrupts a common business model of legally building useful free apps for the sole purpose of collecting large databases of personal customer information, later leveraged for advertising dollars.

What Are Businesses Doing To Comply?

Personal data collection now requires unambiguous consent, with no later change of purpose unless further consent is given. It is easier said than done.

Wording needs to be concise (writer); access needs to be intuitive (designer); consent needs to be captured (programmer); terms need to be binding (attorney); data needs to be secure (IT). To build an audit trail on customer data in your accounting software, hire an accountant. If you have data coprocessors (trust me, you do), then your data security needs to mesh with their GDPR compliance.

Consent affects the website structure—down to the cookie level, data processing, email, and telemarketing. Upon request, a system must be in place to expediently retrieve customer data from all coprocessors and deliver to European visitors copies of personal data. The right to be forgotten requires companies to erase data from your systems and all coprocessors when legally feasible.

Businesses need to decide whether they will apply the regulation to every customer or monitor geographic business practices with separate guidelines. For some, the requirements are too onerous. They have decided to stop servicing European customers.

Whack-A-Mole Consent

For all the time and expense, the most obvious change to visitors is a plethora of annoying pop-up consent boxes. Thank Europe for more transparent data-use disclosures and consent-based forms. Many privacy notices have been updated. Your mailboxes are probably full of such notices by now.

When you are part of an e-commerce platform, some data fields may be inaccessible to site owners for security reasons. Until the backend is enhanced, merchants may need to devise clever workarounds in order to provide disclosures near the point of data capture. Some of the third-party tools that assist with this save their own copies of customer data. Merchants must exercise caution and good judgement when adopting solutions.

ClinicalPosters has enabled pop-up consent boxes. Several notifications and opt-in options are available during checkout.

ClinicalPosters is More Secure

With these things in mind, ClinicalPosters is much more GDPR-compliant, and has updated its Terms of Service and Privacy Policy to reflect this. Through the process, some previously announced features were discontinued and new ones were added.

With intelligent caching and image optimization, the home page loads faster; collections with 16 product images take a second longer; other pages load at least 40% faster than previously. (Actual time is based on many factors, including geographical location, Internet connection, and computer processor.) Already secure data has been placed behind another firewall.


How secure is your personal data? Imagine a lockbox placed inside a large safe that is crated up before storing it inside a bank vault. Then mount security cameras and motion detectors outside the bank, within the bank lobby, and inside the vault. Hire full-time security with snipers and run background checks on anyone entering.

Where Are You Now?

It is no longer a game to see who gets the most likes, followers or subscribers. Any one of them who resides in Europe and whose data you don’t secure properly is a ticking time bomb.

Time is up. If your computer display does not have your nose prints and your sticky keyboard is not covered with Cheetos dust, cancel your plans for the weekend. Put on a pot of coffee, order some pizzas and silence your phone ringer. You have work to do.

Consider installing geolocation-specific compliance tools. Some organizations have a disproportionately small number of European-resident customers or visitors. Yet, satisfying the needs of the few can require overhauling virtually every data process for the many.

MailChimp provides great email marketing tools. Enabling GDPR compliance limits some options and requires new methods of email capture and storage for the entire mailing list. Though the deadline was May 25, 2018, expect many companies to continue refining their websites to achieve ideal customer data privacy. Does this make you feel safer?
