What is GDPR and how does it affect your website? The General Data Protection Regulation (or GDPR), is the European Union regulation that came into force on May 25, 2018 with the aim of regulating the rights of natural persons in relation to the use of their personal data. With the entry into force of the Organic Law on Personal Data Protection and Guarantee of Digital Rights (or LOPDGDD) in December of the same year, this has become the main regulatory framework of reference in the field of data protection, adapting the Spanish legal system to the provisions of the RGPD.
The RGPD and the LOPDGDD approve a new regulatory framework that establishes how the personal data of individuals should be treated in all environments, and websites were not left out.
It may seem at first glance that a website does not collect or process personal data, however, this is very unlikely. To identify if our web page treats personal data we must follow the following steps:
1. Analyze my website for forms where users can enter their data (e.g.: newsletter sign-up banners, contact forms, chatbots, space for comments, etc.).
2. Open the control panel to see what Cookies are being used and what type they are (the most common are those of Google Analytics, Youtube, Maps, and own).
3. Find out if my website is using the browser's local storage rather than 'Cookies in the strict sense' as this data should be treated as Cookies.
Because the GDPR establishes the need to inform users of the processing that their personal data will receive before it takes place, in the event that you offer users a means of contact (such as an email or a phone number) so that they are the ones to contact you, you must also comply with the duty to inform them about the treatment that you will give to the data that you may collect in that contact.
Well, according to this regulation, the informative duty translates into the obligation to make available to all users and/or customers the information called Privacy Policy, which must be visible at all times and is part of the legal texts that a website must have.
The Privacy Policy should inform the user about the personal data being collected, as well as the means by which it is collected, its storage and processing. Likewise, the Privacy Policy shall also inform about the measures that have been taken to ensure the security and lawful use of the personal data you share through the website.
The RGPD and the LOPDGDD also establish a series of obligations in relation to the use of Cookies that we study in this blog article"How should a website's cookie banner look like?".
The Privacy Policy and Cookies regulation are only part of the legal texts that your website must have. Ibamu offers you a simple and unique solution so that your website always complies with the regulations that apply to it, not only in terms of data protection, but also the Law of Consumers and Users or the Law of Services of the Information Society, among others.
