GDPR: 4 rules to know for a compliant website
Posted: Sat Dec 28, 2024 8:29 am
If you are considering creating a website, there is one fundamental issue that you cannot escape: data protection.
Since 2018, the European General Data Protection Regulation (GDPR) has strictly regulated the collection and use of Internet users' personal information. In France, the National Commission for Information Technology and Civil Liberties (CNIL) is responsible for enforcing the GDPR.
Until now, the CNIL has limited itself to simple warnings to websites that did not comply with the GDPR. There was, in fact, a grace period, which ended in 2021. From now on, companies that are not "GDPR compliant" are exposed to heavy sanctions. The fine can represent up to 4% of annual turnover, or even reach 20 million euros!
The GDPR is therefore not to be taken lightly. To help you follow its principles, we share with you the 4 main rules to know for a compliant e-commerce site.
But before that, let’s go back over the key concepts related to GDPR.
GDPR: the main principles
The GDPR governs the collection and processing of personal data of Internet users in the European Union.
Personal data is any information that can be used to identify a person. This could be an identifier, a name, a number or a geolocation, for example.
The GDPR thus requires companies to ask for consent from data subjects in order to collect and use their data for marketing purposes. This applies to information collected via a contact form, a customer review or the creation of an account on your website.
The GDPR also concerns cookies. These are small files stored by your browser on your device and associated with a domain name. They are used, for example, to:
Remember a customer ID,
Save the contents of a shopping cart on an e-commerce site,
Track an Internet user's browsing in order to produce statistics, etc.
Your obligations under the GDPR
As the editorial manager of the website, you are subject to certain obligations to ensure compliance with the GDPR.
In particular, you must:
Ensure that the Internet user's consent is informed, unequivocal and explicit;
Secure Internet users' data: you ensure the integrity and protection of the data collected, while minimizing the risks in the event of loss (in the event of hacking, for example);
Keep a data register: this allows you to prove that you have obtained the consent of Internet users, and when (the CNIL provides an example);
Guarantee the right to withdraw: an Internet user can request at any time that you stop processing and using their personal data, even if they have previously given their consent;
Inform Internet users: they must know what data you collect, as well as when and how, what you do with it (processing, storage) and whether third parties have access to it.
This last point is important. You must inform Internet users if their data is transmitted to partners or subcontractors. They too are subject to data protection regulations.
Finally, despite all your precautions, you may be the victim of a malicious act. Zero risk does not exist. It is precisely because of the proliferation of online services and the fraudulent use of data that the GDPR was introduced. Therefore, in the event of a data breach, it is imperative to report it to the CNIL, directly on their website.