Personal site owners, web agencies, eCommerce, businesses-all must comply with international and national privacy legislation such as the GDPR (Data Protection Authority).
Regulations are constantly evolving and can be complicated by very specific requirements, legal documents may not be valid if not properly drafted, even an outdated document can be a violation and carry heavy penalties.
This means that without an expensive legal professional and the right tools, adapting Apps, eCommerce, and even a blog can be exhausting and difficult.
iubenda makes compliance affordable, with solutions designed by a team of lawyers and the convenience that only cloud software can offer. power2Cloud as an iubenda partner can help you with your legal obligations so you can focus on your business.
But let's proceed in order, can you recognize if your site, your eCommerce, but also your Applications are compliant with GDPR, Cookie and Privacy?
These are crucial issues, as important for users as for companies, which as we said can incur unpleasant penalties. Browsing the web in fact, there are still many sites that do not have the Cookie banner or the Privacy Policy and Cookie information or are not properly configured.
In our work, we often have to point out to the sales manager, the marketing manager, but also to the business owner with whom we talk, when they are not compliant with regulations.
We have noticed that this is a little known and clear topic, which is considered very technical and is left to the website developer or legal consultants who, however, do not update them over time. At other times it even happens that this topic goes by the wayside, so it is not perceived as a priority.
That's why today we want to transfer to you the know-how you need to understand whether your online business is GDPR compliant.
power2Cloud as an iubenda partner has chosen this solution which is perfect for startups as well as enterprise companies, in fact it is used by more than 70,000 customers in more than 100 countries and by companies such as ANSA, Max Mara, Mediaset, Boggi Milano, Martini, Arduino and Mondadori.
All documents are drafted and monitored by lawyers and hosted on iubenda's servers to ensure that they are always up-to-date with respect to the latest legislative changes and aligned with third-party updates.
What this article is about:
How does GDPR apply to your business?
In order to be compliant, that is, to comply with the principles enshrined in the code regarding the processing of personal data and ensure their proper application, we come to the main requirements. We will list them for you in a simple, concise and non-technical way, advising you to contact our team to immediately equip yourself with the essential tools to be in compliance.
The main tools for online GDPR compliance are:
- Privacy Policy
- Cookie Policy
- Cookie banner
- Terms and conditions of sale (if you have an eCommerce or blog, for example)
All these documents and tools must be drafted and set up with the specific configuration of your website, eCommerce or Application in mind.
Copying Cookies and Privacy Policy from sites similar to yours is useless. Each eCommerce or website is structured differently and uses plug-ins and tracking, advertising and marketing tools for different purposes.
If your site is available in Italian, but also in English and French, for example, Privacy and Cookie Policy, but also Terms and Conditions must be written in multiple languages, because users must be able to understand them.
Clear, up-to-date and granular Privacy Policy
Let's start with Privacy Policies, which are required by law almost everywhere in the world.
This is a tool created to make the use of personal data transparent and protect it in a legally binding way according to current laws.
In Italy, the main privacy regulations are the General Data Protection Regulation (GDPR) and the Garante's Guidelines for the Protection of Personal Data.
Privacy Policies must be up-to-date and inform users at least:
- On what data you are collecting, and how;
- On their rights in relation to their data;
- On the purposes for which you collect data;
- On which third parties have access to their data and for what purpose
- comply with all the minimum requirements under Article 13 paragraph 1 of the GDPR
Regulations require that your policy be clear, always up-to-date, easy to understand, and list specific third parties in a granular manner.
As with all the other documents we are telling you about, regulations state that the Privacy Policy must also be visible and easily accessible throughout your website or app, so it is often included with a simple link to the policy directly within the footer.
However, to be transparent (this is one of the main purposes of privacy laws), you must make your Privacy Policy contextually available with a link either at the bottom of contact forms or on a banner prominently displayed when accessing your services or in each newsletter, if you have one.
How to manage Cookie consent in a regulatory compliant way
Let's turn then to Cookies and Cookie banner, what are they?
Cookies are an important tool because they can provide a wealth of information about your users' online activity.
Cookies are small text files that websites place on users' devices while they are browsing. They are processed and stored by the web browser and allow a large amount of data to be recorded, enough to identify users without their consent.
Cookies are the primary tool used by advertisers to track users' online activity so they can target highly specific ads and build their buyer personas.
This amount of data that Cookies may contain is subject to the GDPR.
Let's take a look together at some aspects related to Cookies and the dedicated banner, which we will also take up for further discussion later:
- The Cookie banner is the one that appears on a user's first visit. Does yours display "Accept" and "Reject" buttons? Both are mandatory and should be equally relevant. Yet still many people write that continuing or clicking anywhere on the site not only accepts Technical Cookies, but also Third Party Cookies. Beware this approach is not compliant!
- Did you know that consent by simply scrolling through pages on the site is no longer valid? Cookie walls are not allowed. Users must be able to granularly choose which features, third parties, and categories of Cookies to install. Scrolling down a page is considered an expression of consent only if, from the scrolling action, it is unequivocally clear that cookies are accepted and unavoidable.
- In addition, users must be able to update their tracking preferences at any time.
- It sounds trivial, but this should not be overlooked either: the banner should be visible, sufficiently discontinuous in the navigation of the site to be conspicuous
- The banner also must contain a link to the full Cookie Policy statement, detailing the purpose of processing, usage, and third-party activities available to the user
- At least 6 months must pass since the last acquisition of consent before users are subjected to a new
- The collection and proof of consent is very important. It is mandatory to record the consents obtained to enable the company to prove that the user actually gave his or her.The data recorded must contain information on: who gave consent; when and how the individual user's consent was acquired; the consent collection form presented to the user at the time consent was collected; and a reference to the legal documents and conditions in place at the time consent was acquired. It is equally important to name adata controller.
- We then come to the preemptive blocking of all unnecessary Cookies, until consent is received from the user
- Banner and Cookie Policy must be available in all languages in whichyour site/service is provided
Don't forget that Cookie consent collection rules change from country to country and may be subject to updates. If your company is based in Italy,you have until January 10, 2022, to comply with the upcoming updates.
Terms and Conditions define the terms of use of your site in a legally binding manner
They are known as Terms and Conditions, but also Terms of Service and Terms of Use, which are important because they define the terms of use of your site, eCommerce, App in a legally binding way.
Dealing with it would seem easy, yet Terms and Conditions must meet complex and highly specific scenarios, predicting everything that might affect your work, your business processes, your business model.
Terms and conditions are as important to protect consumers as the company, think for example of clauses relating to shipping and delivery, payment methods, but also refunds, contain clauses relating to copyright, disclaimers, and conditions of sale, allowing you to specify the applicable law, list mandatory consumer protection provisions.
Again, as with Cookie Policies, the Terms and Conditions must always be up to date with the relevant regulations.
Let's look together at some of the instances where you need to equip your platform with robust Terms and Conditions documentation:
- Whether you anticipate registration for users
- you want to define rules for user behavior (including comments) and give reasons for closing an account;
- Whether your users can upload content
- whether they can leave comments
- If they participate in affiliate programs
- To explain how your products/services and content can be used
What is iubenda? Helps you be compliant with legal obligations online
If all these aspects seem like a headache to you, we have the solution for you, iubenda.
power2Cloud has chosen among many cloud solutions that of iubenda to offer simple, comprehensive and professional support to comply with regulations, and always be compliant with online legal obligations.
Perfect for startups, SMEs or enterprise companies that belong not only to the retail world, iubenda is a versatile platform that integrates into any site, those made with WordPress for example, but also in eCommerce using Shopify, ebay, Amazon, WooCommerce, Magento or other providers as sales platforms worldwide.
iubenda is a complete solution: it is a Privacy Policy Generator, Cookie Policy Generator, but also a useful tool to protect all the data collected on the site visited by users.
Request a no-obligation consultation with one of our experts now.
