There is a lot of discussion about the GDPR at the moment.
Thanks to the European Union.
The General Data Protection Regulation (GDPR) is a regulation (binding legislation, not just a directive) by which the EU intends to strengthen and unify data protection for all individuals from the European Union (EU).
It also addresses the export of personal data outside the EU.
It aims primarily to give control back to EU citizens and residents over their personal data and to simplify the regulatory environment for international business (any company that is gathering, processing or storing the personal data of EU citizens).
It applies to all companies (globally) that are processing and holding the personal data of those residing in the European Union, regardless of the company’s location.
Although the GDPR was introduced two years ago, it becomes enforceable starting May 25, 2018.
What type of data is considered to be “personal data”?
Any information related to a natural person or “Data Subject,” that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
In general, consent needs to be explicit, opt-in and freely given. This means the popular opt-out based consent of today will no longer be acceptable. And the reason I removed the one you had.
Does your company need to appoint a Data Protection Officer (DPO)?
DPOs must be appointed in the case of (a) public authorities, (b) organizations that engage in large-scale systematic monitoring, or (c) organizations that engage in large-scale processing of sensitive personal data. If Euro-Divers doesn’t fall into one of these categories, then there is no need to appoint a DPO.
In order to have the website compliant with the GDPR (https://www.itgovernance.eu/blog/en/10-steps-to-gdpr-compliance-how-prepared-are-you), you MUST show visitors to the site what cookies are used AND give them a chance to opt out. They also need to have the chance to change their mind and come back to the site if needed.
If you do not have this, there are severe penalties: starting from about 4% of yearly business income, up to 20M Euros in fines.
With this in mind, I implemented the proper way to ask for consent and list the cookies used by my website.
First, to clear your cookies in the Google Chrome browser: click on the green padlock icon in the URL bar at the top left of your browser when visiting the site, and you will see a tab come down with “Cookies” displayed on it. Then click on “Cookies” and select web-of-friends.com and www.web-of-friends.com one by one to remove them. Then reload the page.
The code I use on the site is free for one month. The provider of the code is Cookiebot (https://www.cookiebot.com/en/) and they will scan the website once a month to look for any changes, as the cookie list has to be updated regularly. Hence the monthly fee for websites with a lot of pages.
If you manage a WordPress website, they also have a plugin to help you install it with easy instructions. You can find the plugin at WordPress.
Here are the steps I followed:
You need to declare your cookies so that visitors can accept them or not. Use this: https://www.cookiebot.com/en/ You can ask for a non-binding offer from them as they crawl your site.
When you have access to Cookiebot, look for “your scripts”. The first one is to be included on all the pages on your website. In WordPress it means that you add it before the </head> tag in header.php.
All done. Keep looking at and improving your policy page.
The EU will not come to your door and give you a huge fine if you are still not ready. Most likely you will receive a notice at first. So keep calm and work on your page.
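The opt-in requirement and the declared cookie list described above can be checked from the outside by looking at which cookies a site sets on a first visit, before the visitor has accepted anything. The following is an added example, not code from this site or from Cookiebot; the cookie names, categories and `Set-Cookie` headers are constructed samples, and `auditPreConsent` is a hypothetical helper.

```javascript
// Declared cookie list (constructed sample): name -> category.
// Only "necessary" cookies may be set before the visitor opts in.
const DECLARED = new Map([
  ["PHPSESSID", "necessary"],
  ["consent_state", "necessary"],
  ["_ga", "statistics"],
  ["ad_id", "marketing"],
]);

// Parse one Set-Cookie header value into { name, attrs } (attribute keys lowercased).
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq <= 0) return null; // no cookie name: malformed header
  const attrs = {};
  for (const a of rest) {
    const i = a.indexOf("=");
    attrs[(i === -1 ? a : a.slice(0, i)).toLowerCase()] = i === -1 ? true : a.slice(i + 1);
  }
  return { name: pair.slice(0, eq), attrs };
}

// Audit the cookies observed on a first visit with no consent given.
// Flags cookies missing from the declared list and non-necessary cookies set too early.
function auditPreConsent(setCookieHeaders, declared = DECLARED) {
  const findings = [];
  for (const h of setCookieHeaders) {
    const c = parseSetCookie(h);
    if (!c) { findings.push({ name: null, issue: "malformed" }); continue; }
    if (Number(c.attrs["max-age"]) <= 0) continue; // a deletion, not a new cookie
    const category = declared.get(c.name);
    if (category === undefined) findings.push({ name: c.name, issue: "undeclared" });
    else if (category !== "necessary") findings.push({ name: c.name, issue: "set-before-consent", category });
  }
  return findings;
}

// Constructed sample: response headers captured on a first visit.
const FIRST_VISIT = [
  "PHPSESSID=abc123; Path=/; HttpOnly; Secure",
  "_ga=GA1.2.111.222; Path=/; Max-Age=63072000",
  "tracker_x=1; Path=/",
  "ad_id=; Path=/; Max-Age=0",
];
console.log(auditPreConsent(FIRST_VISIT));
```

Cookies written by JavaScript through `document.cookie` do not appear in response headers, so a full check also needs the browser's cookie list after the first page load.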