You already know that your organization is expected to be General Data Protection Regulation (GDPR) compliant by May 25, 2018. If you have not updated your organization’s website yet, here’s a guide that cuts through the muck and gets straight to the point.
Your website must now have two mandatory components:
- Cookie Policy
- Privacy Policy
Note: You can no longer combine the two into a single document.
The Content of Your Cookie Policy
The policy should clearly cover the five points below:
- If you make use of cookies, which you most likely do, say so unambiguously.
- Explain what cookies are in layman’s terms.
- There are several types of cookies that can be used. Name the ones that your website uses.
- There is a purpose behind your and/or third-party use of cookies. Tell the visitors what it is.
- Users can choose not to have cookies placed on their devices. Tell them how to do that.
Note: Display a banner on your website stating that the site uses cookies and that, if visitors continue to browse, it will be assumed that they consent to this use. Let them know that cookies can be controlled by the user, and that they can find more information on your cookie policy page.
The Content of Your Privacy Policy
You are expected to cover the seven points below:
- Mention who controls the data. If your business is a data processor for some other business, then you are the data controller. State clearly that the control lies with the visitors when it comes to data they provide voluntarily. In cases where data is collected automatically (through cookies, for example), you are the controller of the data.
- Provide the contact information of the data controller (an email address, postal address and phone number), as visitors might want to modify or delete their data. Some organizations have a data protection officer; if you have one, provide his/her contact information as well.
- Certain websites collect data for automated decision-making and profiling, for example loan screening or credit rating. If your organization collects data for such purposes, make this fact known to the users.
- People now have certain fundamental rights under GDPR. Your website must spell these rights out. Among them, people have the right to make changes to information they’ve provided and to restrict or object to the processing of their data. They also have certain rights when it comes to business entities making automated decisions and profiling.
- It is possible that some visitors will not be willing to share the data that you request. Tell such visitors the consequence of declining. For instance, you might be unable to give them access to certain web pages or information unless they provide the requested data.
- You must tell users how you safeguard internationally transferred data. For instance, your servers might be in the US whereas you collect data in the EU. In cases like this, we recommend you mention that you have a data protection agreement with the company that hosts your servers and that you are willing to provide the agreement on request. It is also wise to include a disclaimer conveying that the data protection laws of the users’ country might be stronger and more comprehensive than those of the country where their data is stored.
- Your website must state the legal basis for processing data. Of course, you collect data after obtaining user consent, but what do you do with it once it’s collected? Mention that. It could be communication with the user for marketing, or simply enhancing the user experience. The most common legal bases for data collection are: processing carried out at the user’s request, and processing that is necessary to pursue a legitimate interest in the user’s favor.
Conclusion: Ensuring GDPR Compliance
Ensuring GDPR compliance is crucial for your organization’s website. Make sure your Cookie Policy clearly explains the use, types, purposes, and user control of cookies. Your Privacy Policy should detail data control, contact information, user rights, data collection purposes, consequences of data refusal, international data transfer safeguards, and the legal basis for data processing. By following these guidelines, you will ensure compliance and build trust with your users.