We’ve implemented the General Data Protection Regulation. Here’s how we did it!
The General Data Protection Regulation (GDPR) will come into effect on May 25, 2018. We are glad to report that we have completed all the steps required to become GDPR compliant. Our steps to GDPR compliance could also serve as a practical guide* for your own website. Here is what we did to be GDPR compliant:
Implemented checkboxes for opt-in consent in all our forms
We currently have three main forms through which you can reach us for various reasons. We’ve implemented checkboxes for opt-in consent in each one of them:
1. Contact form (general, presale or support questions)
2. Subscribe form (newsletter)
3. Google form (feedback)
The checkboxes are unchecked by default, as GDPR requires: consent must be explicit, not implied.
Contact Form GDPR consent checkbox.
Subscribe Form GDPR consent checkbox
Google Form GDPR consent checkbox.
Implemented explicit contact for GDPR requests
If you are using WordPress, there are a lot of cookie consent plugins. Our website is generated by Jekyll and we use this script.
Set Google Analytics to automatically delete user and event data after some time
Thankfully, Google Analytics now lets you manage how long your user and event data is held on their servers. We’ve set data retention to 14 months. After 14 months, user and event data is deleted automatically.
Set other self-hosted platforms or third parties to automatically delete user data after some time
Google Analytics is not the only platform we use to get a better understanding of our customers’ needs. We also use Livezilla, a self-hosted platform that collects user data via contact, chat, feedback, visitor tracking, etc.
- Who we are
- Information we collect and how we use it
- Contact/Ticket submission forms
- Chat forms
- Newsletter subscription forms
- Google forms
- Affiliate sign-up forms
- Payment processing forms
- Website Analytics
- How do we process payments?
- PCI Compliance
- Fraud Protection
- External Links
- Third-Party Disclosure
- Breach Notifications
- Your rights
- Right to information
- Right to access
- Right to rectification
- Right to withdraw consent
- Right to object
- Right to object to automated processing
- Right to be forgotten
- Right for data portability
- How can you exercise your rights?
- California Online Privacy Protection Act
- COPPA (Children Online Privacy Protection Act)
- Business Info
Conclusion - here are the main completed tasks for our GDPR implementation
* This article is not intended for use as legal advice for your company in complying with GDPR. Please contact a lawyer for legal advice regarding your business.