If your organization collects personal data from anyone located in the European Union, the GDPR affects you, wherever your servers happen to be!
GDPR stands for General Data Protection Regulation. It is legislation passed by the European Union regulating how organizations (including their websites) collect, store and use personal data, and how they communicate with supporters. The regulation applies from May 25, 2018.
Catch Up On the Basics
First, here’s a quick primer for the vocabulary:
Consent: Consent must be an explicit, affirmative action by the user, so forms cannot use pre-selected (pre-checked) authorization inputs. Users must be able to withdraw consent at any time, and withdrawing it must be as easy as giving it was.
Breach Notification: In the event of a personal data breach, your organization must notify the relevant supervisory authority within 72 hours of becoming aware of the breach (unless it is unlikely to result in a risk to individuals), and must notify the affected users without undue delay when the breach is likely to put them at high risk.
Right to Access: Users have the right to know whether you hold personal data about them and to receive a copy of it. Your organization must provide that copy free of charge, in a commonly used electronic form when the request was made electronically.
Right to be Forgotten: Users’ data can be erased and no longer used at their request.
Data Portability: You must allow a user to obtain their data in a structured, commonly used, machine-readable format and transfer it to another provider or IT environment.
Privacy by Design: Your organization must build appropriate technical and organizational measures into its systems and processes from the start, so that user data is protected by default, for example by collecting and retaining only the data a given purpose actually needs.
Data Protection Officers: A professionally qualified officer must be appointed by public authorities, and by organizations whose core activities involve large-scale, regular and systematic monitoring of individuals or large-scale processing of sensitive (special-category) personal data. The requirement depends on the nature and scale of the processing, not on a headcount threshold.
Then, you might want to check out this great video to get you up to speed:
Torque (a great site for WordPress information) also created this Beginner’s Guide.
And finally, here’s a GDPR checklist to help you at least make sure you’ve got your basics covered.
Clean Up Your Forms
Even if GDPR doesn’t seem to affect you, this is still a good time to review your data practices.
In addition to making these potentially required changes, the GDPR provides you with an opportunity for some spring cleaning! Optimize your forms for only the data you need and use in your program activities.
Here are some important points to check as you look at your website:
- Under the GDPR, you can’t assume what a user wants: pre-checked checkboxes, silence or inactivity do not constitute consent. Every opt-in must be an explicit action by the user.
- Only collect the data you need for a stated purpose. This reduces what can be exposed in a breach and makes access and deletion requests simpler to fulfil.
- Include tooltip or inline descriptions on signup form fields explaining why each field is collected and how it will be used.
- Make sure you have an easy-to-find page where users can unsubscribe, withdraw consent or delete their account, and that doing so is no harder than signing up was.
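To make the points above concrete, here is an added example of the server-side half of a signup form; it is not code from the original post or from any particular product. It rejects fields the form did not ask for (data minimization), treats anything other than an explicit opt-in as "no consent", logs each grant and withdrawal with a timestamp and the version of the privacy notice the user saw (the GDPR requires you to be able to demonstrate that consent was given, a point the list above does not spell out), gates outbound mail on the recorded consent, and offers a one-call erasure. The field names, the two consent purposes, the policy version label and the sample submission are all assumptions made for illustration.

```javascript
// Added example (not code from the original post): server-side handling of a
// signup form under the GDPR points above. Field names, consent purposes and
// the policy version label are assumptions made for illustration.
const ALLOWED_FIELDS = new Set(["email", "name", "consent"]);
const CONSENT_PURPOSES = ["newsletter", "event_updates"]; // assumed purposes
const POLICY_VERSION = "privacy-notice-v1"; // assumed label of the notice shown

class ValidationError extends Error {
  constructor(message) {
    super(message);
    this.name = "ValidationError";
  }
}

// Data minimisation: reject any field the form did not ask for, so extra data
// cannot creep into storage. Consent: only an explicit boolean true counts;
// a missing key, null, "" or "on" is treated as "no consent" for that purpose,
// and the server never defaults a purpose to true.
function validateSignup(payload) {
  if (payload === null || typeof payload !== "object") {
    throw new ValidationError("payload must be an object");
  }
  for (const key of Object.keys(payload)) {
    if (!ALLOWED_FIELDS.has(key)) {
      throw new ValidationError(`unexpected field: ${key}`);
    }
  }
  const email = payload.email;
  if (typeof email !== "string" || !/^[^@\s]+@[^@\s]+\.[^@\s]+$/.test(email)) {
    throw new ValidationError("a valid email address is required");
  }
  const given = payload.consent && typeof payload.consent === "object" ? payload.consent : {};
  const consent = {};
  for (const purpose of CONSENT_PURPOSES) {
    consent[purpose] = given[purpose] === true;
  }
  return { email, name: typeof payload.name === "string" ? payload.name : "", consent };
}

// Consent ledger: email -> list of consent events, newest last. Keeping the
// timestamp and the version of the notice the user saw lets you demonstrate
// that (and to what) the user consented. In-memory here; persist it in practice.
const ledger = new Map();

function recordConsent(email, consent, now = new Date()) {
  const event = { at: now.toISOString(), policyVersion: POLICY_VERSION, purposes: { ...consent } };
  if (!ledger.has(email)) ledger.set(email, []);
  ledger.get(email).push(event);
  return event;
}

// The current state is always the latest event; no events means no consent.
function currentConsent(email) {
  const events = ledger.get(email) || [];
  if (events.length === 0) {
    return Object.fromEntries(CONSENT_PURPOSES.map((p) => [p, false]));
  }
  return { ...events[events.length - 1].purposes };
}

// Withdrawal is a single call, logged like the grant, so it is as easy to
// withdraw as to give consent and the history shows when it happened.
function withdrawConsent(email, purpose, now = new Date()) {
  if (!CONSENT_PURPOSES.includes(purpose)) {
    throw new ValidationError(`unknown purpose: ${purpose}`);
  }
  const next = currentConsent(email);
  next[purpose] = false;
  return recordConsent(email, next, now);
}

// Gate every outbound communication on the recorded consent, not on a flag
// copied into the mailing list at signup time.
function mayContact(email, purpose) {
  return currentConsent(email)[purpose] === true;
}

// Right to be forgotten: drop everything held about the subject.
function eraseSubject(email) {
  return ledger.delete(email);
}

// Constructed sample submission (not real data) walking through the flow.
function demo() {
  const signup = validateSignup({
    email: "alice@example.org",
    name: "Alice",
    consent: { newsletter: true }, // event_updates not ticked, so it stays false
  });
  recordConsent(signup.email, signup.consent, new Date("2018-05-25T09:00:00Z"));
  const before = mayContact(signup.email, "newsletter");
  withdrawConsent(signup.email, "newsletter", new Date("2018-06-01T09:00:00Z"));
  const after = mayContact(signup.email, "newsletter");
  eraseSubject(signup.email);
  return { before, after };
}
```

The front end still has to render the checkboxes unchecked; the server cannot tell a pre-checked box from one the user ticked, which is why it only accepts an explicit `true` that your client sends for a box the user actually clicked, and why the unchecked default belongs in the form markup, not in a server-side fallback.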
Finally, after you’ve verified that you’re following the basic recommendations, take some time to review your site goals. How could you optimize your forms within the GDPR guidelines?
- Are all of your opt-in checkboxes unchecked by default?
- Would you like to customize your unsubscribe form to address GDPR concerns?
- Could you display tooltip content with more descriptions on your form fields?
- Could you use geolocation features to display different form fields to your supporters depending on where they live?
- Are your privacy policies transparent and easily accessible?
- Could your unsubscribe forms be easier to use and maintain?
Need some assistance? Contact us and let us know what kind of updates you’d like to see on your forms.