Please note: this article does not constitute legal advice. It is meant only to educate.
What Is a Website Policy?
Examples of these types of information include:
- First and last names
- Contact information such as shipping or billing addresses
- Email addresses
- Social Security numbers
- Financial information (e.g., credit card numbers)
You should inform users if you’re sharing their data with third-party services.
Why You Need A Website Policy
Personal data is a big business. Companies like Google and Facebook made a fortune selling their users’ data.
Having a website policy also keeps things transparent for consumers, who are now taking a more active role in understanding how businesses use and store their information.
- Type of information collected
- Methods for collecting information
- Uses for the information
- Measures to ensure information is secured
- Disclosures of which third parties the information is shared with
- Controls users have over their information
- Definition of terms
- Principles for processing data
- User’s rights under the GDPR
- Your legal basis for processing data
- Legal name and business address of your company
- The date the policy takes effect
- Name and contact number of your data controller
- Name and contact number of your data protection officer (DPO)
Data controllers and DPOs are responsible for ensuring that data processing complies with the applicable data protection laws. The difference between them is that data controllers do not necessarily have to be from the organization they’re monitoring.
“Data controller” is a general term that refers to the person responsible for data security. For instance, if you collect personal information for your or another company’s use, you can be considered a data controller.
2. Definition of Terms
3. Principles for Processing Data
Article 5 of the GDPR includes six principles by which personal data must be processed:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality
Coca Cola shares their principles for data collection and processing in a fun graphic.
4. Users’ Rights Under the GDPR
Users should be made aware of their eight rights under the GDPR:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights related to automated decision making and profiling
5. Your Legal Basis for Processing Data
Article 6 of the GDPR only allows you to process data on these six legal bases:
- Consent: The subject has permitted their data to be processed.
- Contract: Data processing is necessary to fulfill a contract.
- Legal obligation: Processing of data is required by law.
- Vital interest: Processing is necessary to protect someone’s life.
- Public task: Processing is necessary to carry out a task in the public interest.
- Legitimate interest: The data is processed for legitimate interests; fundamental rights or freedoms are not infringed.
- Website footer: This is usually where all your navigation links are located.
- Web forms: Web forms are used to collect personal information, making them the perfect place to ask for consent to process customers’ data.
Consider using a GDPR plugin to initiate a cookie consent popup so that users can opt to disable cookies and protect their private data as these privacy laws intended.
If you’re a busy entrepreneur, take the worry of data security off your list of concerns. Get your website in a compliant hosting environment with Nexcess today.
Check out our hosting plans to get started today.