Are you providing them with the options to accept, reject or modify their cookie preferences? Is your cookie banner appropriate?
If you’ve answered “no” to any of these questions, then your website doesn’t comply with the GDPR (General Data Protection Regulation).
So what can you do about that? A good place to start is the Data Protection Commission’s advice on cookies and other tracking technologies and its report on the way organisations are meeting the Regulation’s requirements.
But what about organisations that are happy with your privacy notice and have updated their cookie banner and policy so that it reflects the DPC’s recommendations? Does this now mean that your website is demonstrating your GDPR compliance?
You also need to consider:
- If you are processing personal data on your website, you must document an appropriate purpose as well as an Article 6 lawful basis for this processing?
- If you are processing children’s personal data online, you need to ensure you have an Article 9 exemption, as well as a lawful basis and purpose for the processing.
- If your website is displaying photos or videos (or links to either) and these media contain people – you need to ensure that you have a GDPR-compliant lawful basis and purpose for processing these images.
- If you are using an online application form or online “contact us” form, you must check that your wording appropriately outlines the purpose and lawful basis for capturing this information.
- Whether information being gathering via a “contact us” form is being used for purposes other than that which is was collected, such as marketing. If so, you should check whether you have a lawful basis, inform data subjects of your practices and provide a link to your privacy notice.
- If you are gathering information via your website, how long are you storing this information and how is it protected? Are you making people aware (via the privacy notice) of these details?
- If you are using testimonials from clients on your website, have you obtained their consent to quote their names? How long are you storing their consent?
If you think your organisation needs to work on any of these requirements, you must act now. The DPC recently published a report stating that will start enforcing cookies requirements more rigorously, following an investigation that revealed widespread non-compliance.
So, what’s next?
You can get up to speed on the GDPR and how it’s obligations affect you (including your webpages) – check out our Certified GDPR Foundation Training Course.
This one-day course is delivered by an experienced data protection expert, and provides a comprehensive introduction to the Regulation and its rules.
It is ideal for managers who want to understand how the Regulation affects their organisation and employees who are responsible for GDPR compliance, and is available in a variety of forms, including online and self-paced.