Jason Parms

Times are changing and so are the regulations concerning the privacy of data exchanged during online transactions. A revolution is emerging in the form of a new security regulation called GDPR, which stands for General Data Protection Regulation. You will agree with the fact that every website is the face of an organization. Hence, it is pertinent for all those organizations which either process or control personal information of users to ensure that their websites comply with certain privacy stipulations. So, if you are one amongst those organizations who want to offer transparency to online visitors, this blog will shed light on everything that revolves around the implementation of this newly released GDPR ordinance.

Behind the Scenes of GDPR


The acquisition of WhatsApp by Facebook in 2014 involved a huge sale figure of $19 billion. Since WhatsApp was unable to capitalize on its users, Facebook fixed the value of every WhatsApp user to $42. This is again a big number. All those WhatsApp users who haven’t read its privacy policy regarding sharing your personal data are now at a loss.

Facebook Paid $42 Per WhatsApp User

WhatsApp did have a privacy policy in place, but since you either missed or chose not to read it in full, your personal data will now land in the hands of Facebook. This situation brings to light a major shortcoming on part of companies either storing or processing online user information. Much to the disadvantage of users whose online profile is jeopardized, the emergence of statutory regulations concerning websites and their use of personal data was called for.

The Objectives of GDPR


In an attempt to safeguard the online data of European netizens, a new repository of rules titled GDPR were brought into place. Allowing European citizens to exercise a better control over their personal data, the rules of GDPR are bound to positively impact both the parties of trade; the customers and the companies. Hence GDPR primarily revolves around how the European Union (EU) and all those countries engaging in trade with the EU can make the most of the flourishing digital economy.

While the privacy reforms were established in December 2015, it was declared that by May 25th 2018 all the digital companies should ensure greater transparency of online dealings. The stipulations revolved around sharing and processing of user information, consent to share and privacy of the personal data.

All the important information including your first name, email ID and your residential address along with location details, IP address, your sexual orientation along with your religions and political opinions are now saved on different interfaces. Banks, online shopping portals, social media platforms, online retail interfaces and government websites can now access all this information. Hence, it is the need of the hour to ensure that this huge repository of personal information is secured from privacy breaches. And this is where the rules of GDPR come in, to positively impact the businesses of the EU and beyond.

What’s in Store for Online Users


Once websites comply with the stringent GDPR norms, data subjects can exercise a better control over the following parameters; the rights of online users with regard to protecting their personal data.

  1. Users can now call the shots, securing their interests with regard to divulgence and access to their personal information.
  2. In the event users wish to update or delete this information, a rectification facility followed by a complete erasure of information can also be availed.
  3. In addition to benefiting from strict restrictions on the processing of personal information, they can safeguard their data portability requirements.
  4. Allowing users to come out with reservations regarding an undue publicity of personal data, the GDPR allows uses to revise their automated payment decisions or profiling features.

The GDPR Compliance Checklist


In addition to ensuring that your online presence complies with all the stipulations laid by GDPR, you as an enterprise should make it known to users that your website is GDPR compliant. In the event that you do not comply with these rules, you will be liable for hefty fines and penalties.

It is better to be safe than to be sorry! In line with this common maxim, you can tick off all the boxes of the checklist described below, so that you leave no room for non-compliance of GDPR.

The Opt-Out Option

It is now a mandate for websites to allow users the freedom to permanently disallow websites to store and process their personal data. That means, users will have the last laugh, withdrawing their data that was earlier stored in the form of cookies. This feature comes into play with payment gateways which store bank specific information of online shoppers or users.

The Cookie Consent

However the fact that cookies bestow enhanced user experience, they should be applied only after the users provide their consent for using their data. Hence all the GDPR compliant websites should seek the consent of users in processing their personal information.

Cookies stated in GDPR Compliance Recital 30 as below.

Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags.

This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.

The Terms and Conditions Page

GDPR makes it imperative for websites to have a separate page for ‘Terms and Conditions’ and that users should be informed that their business operates with its own T&C. Every time visitors visit any website, the GDPR compliance stipulates that users should be redirected to the T&C page.

Do Away With Default Options

Websites should do away with default settings. There can be an instance when a user does not want to register his/her email ID to receive promotional messages. In such a case, the website should always leave the option box unchecked, allowing users to key in their choice.

Seek Limited Information

You as an online user must have encountered situations when apps and websites seek unnecessary information. You might notice an evident mismatch of what the app offers you when placed in tandem with the unrelated information it seeks. This is a red flag that is addressed by GDPR. Through this regulation, apps and websites will be restricted to pick up user information from social media apps or user contact forms.

Enhanced Web Security Using an SSL Certificate

SSL stands for Secure Sockets Layer. With an SSL certificate, you can vouch for the overall security of your website. Once your website is endorsed with an SSL certification, you will be able to enable visual security indicators on your website. In turn, you can instill a sense of confidence in users that their online profile is safe on your website. Let’s see different types of SSL certificates.

The Appointment of a DPO

The appointment of a Data Protection Officer (DPO) who will be ordained to oversee the processing of large amounts of special data will ensure greater security to your website, securing all your company-specific information. A disclosure that your website is governed by a DPO will enhance its credibility. Hence, the availability of a DPO should be notified in your privacy policy.

DPO roles classified in EU GDPR Recital 97.

In the private sector, the core activities of a controller relate to its primary activities and do not relate to the processing of personal data as ancillary activities.

The necessary level of expert knowledge should be determined in particular according to the data processing operations carried out and the protection required for the personal data processed by the controller or the processor.

Such data protection officers, whether or not they are an employee of the controller, should be in a position to perform their duties and tasks in an independent manner.

Tackling the Unwarranted Data Breaches

The mandate of GDPR calls for the privacy policy of every enterprise to notify all the users of a data breach. In the event of such unwarranted instances, explaining what led to the data to be compromised.

The IP Address Tracking Intimation

Websites should notify users if they are employing 3rd party tools that are used to trace the IP addresses of users. It is also pertinent that users are informed about a comment system that your website operates.

Tailor-Made Privacy Policy

One size does not fit all. This is so true in the case of every website which requires its own privacy policy. While you can refer to the privacy policies of other websites, you should abstain from blindly copying it. Hence it pays to come up with a tailor-made privacy policy that is in sync with your data security and business needs.

Key Takeaways


All in an attempt to plug the gaps that emerge out of enhancing user experience, it is the need of the hour to secure the online presence of your users. Only then, will the users make a conscious effort to transact with you. The ground rule for an enriching online business would be: users should know what information they are shelling out and websites should publicize to users what data they are seeking. All these concerns are addressed by the GDPR; a welcome move bound to change the face of a user’s online journey.