Compliance Changes for the new European General Data Protection Regulation (GDPR)

May 23 2018

You may notice that a new Cookie Consent notice appears at the top of your site today. This is a new requirement for compliance with GDPR, and we've added it to try to help your site be compliant.

As of May 25, 2018, websites that process Personally Identifying Information of European residents need to be compliant with the new GDPR (General Data Protection Regulation) rules. There is still a lot of confusion (and hysteria) around the exact scope of this law. But over the coming weeks and months we will likely see the European Union audit larger sites, issue fines, or perhaps graciously notify them how to fix mistakes if there was good faith. There will likely be court cases that challenge parts of the law (in Europe and in the U.S., where the EU has complicated authority to enforce its law against U.S. companies that don't do business in the EU). The scope and best practices will be clarified, and we will need to make adjustments as necessary.

But the general consensus at this time is that every website around the world needs to be compliant if it has European visitors (because even IP addresses logged in your server logs have to be protected).

You may take this self-evaluation checklist to see if you are compliant, but we recommend you speak with a lawyer to understand exactly how the rules apply to you and make plans to be compliant.

WHAT IS GDPR?

GDPR is a complex set of European laws that govern how you gather, get consent for, use, share, and protect personal information. These are honestly good "best practices" for respectfully treating your visitors and customers (e.g. do not share personal data without consent). Compliance with these rules also provides businesses with additional legal protection (e.g. you should have a Privacy Policy and be doing most of this already anyway). The U.S. has a patchwork of many similar state laws already, and may add its own federal rules soon as well, so it is good to get compliant now. The GDPR requirements are complex, but some of the main requirements are listed below (NOT EXHAUSTIVE).

REQUIREMENTS FOR YOUR ORGANIZATION

• Notify Authorities of Data Breach within 72 hours.
• Privacy Policy: Provide a link to a GDPR compliant Privacy Policy.
• Cookie Consent Notification: Enable a cookie consent banner at the top of the site, which describes how cookies are used and gives users the option to opt out.
• Data Usage Consent and Audit Trail: On all forms that collect data, there must be a clear statement about what the information will be used for and with whom (if anyone) it will be shared.

RIGHTS OF THE VISITOR

• Right to be Forgotten: When requested, you will delete all of the user's data.
• Data Portability: When requested, you will provide a file with all of the user's data.
• Access: When requested, you will describe how data is stored and what third parties it is shared with.
• Rectification: When requested, you will correct the user's data.

STEPS TAKEN

• Updated Gutensite Privacy Policy. Gutensite has always protected your data in compliance with industry best practices and so we don't need to change our practices for GDPR, but we have updated our privacy policy to define key terms, and add language describing how we comply with GDPR.
• Updated Default Privacy Policy. Your website comes with a default privacy policy (which you may not have activated), which should be customized by you and your lawyer to properly describe how you collect, store, use and protect your users' data. We've updated the default policy, but you should also review this privacy policy, customize it for your needs and activate it. See our article about how to customize a Privacy Policy and Terms of Service.
• Cookie Notification. GDPR compliant websites must notify visitors of the use of browser "cookies" (small files that store preferences and track activity of the user), and must give visitors the option to accept or decline. The default cookies on your website are key to the functionality of your website because they store "session" information. But if you use third party widgets (e.g. Google Analytics, Google Maps, MLS properties with tracking, etc.) you will need to provide clear language notifying users of the cookies you use and how the data is protected or shared. For safety, we have enabled this for all sites. But you can disable it in your Site Info if you need to.

ACTION ITEMS FOR YOU

• Self-Assessment. Take the GDPR self-assessment and then talk to a lawyer if you are concerned about compliance.
• Review Processes. Review your internal data handling processes and make sure they are compliant with GDPR and general best practices for protecting users' data.

 

Note: Even if you think GDPR doesn't apply to you, every website is legally required to have an accurate Privacy Policy that informs your visitors what information you collect and how you use that data. You should also have a Terms of Service agreement if you sell products or services. We provide default pages with generic policies that you can use when you first create your website, but you should consult a lawyer to help you customize these for your business. See our article about how to Write a Privacy Policy and Terms of Service.


