What is the GDPR?
GDPR stands for "General Data Protection Regulation". You will probably hear the French equivalent, RGPD.
The GDPR regulates the processing of personal data within the European Union and applies to any organization, based in Europe or targeting European residents, that processes personal user data.
* By personal data we mean a user's direct information (name, first name, etc.) but also indirect information (telephone number, e-mail address, etc.) and more generally a set of personal data (purchasing behavior, location, age, etc.).
* By personal data processing we mean any processing that has a legitimate purpose for your professional activity: collection, storage, recording, consultation, organization, adaptation, modification, extraction, use, transmission, etc.
The GDPR aims at transparency for the user, who must know what personal data are collected about him and for what purposes.
He must be able to give his consent or to oppose the processing of his data, and must be able to adapt this consent at any time.
He must also be able to access the information collected, modify his data, or request their deletion.
Does the GDPR apply to my website?
A website may contain personal user information. It is rare that a website does not collect any personal data. The GDPR will therefore also apply to this communication tool.
Here are some examples of user information subject to the GDPR that a website can collect:
- Tracking information via monitoring tools: Google Analytics, Facebook Pixel, ...
- Tracking information via marketing tools: Google Ads, TrustPulse, ...
- Tracking information via CRM tools: Hubspot, Hotjar, ...
- Registration data added to a database: form for downloading a brochure, registration for a competition, etc.
- Data sent via API to an external tool: online quote request, newsletter subscription, ...
How do I make my site GDPR compliant?
To make your site GDPR compliant, you will have to give the user the possibility to make choices for each element/action that collects information about him.
Of course, this is unwelcome for marketing departments, which see the user data available for analysis or marketing purposes reduced, but it is the user's explicit choice that matters.
Cookies are files that store data in order to reuse this information later. This is to facilitate navigation on your site, but also for analysis or marketing purposes. A large amount of user data is stored and used through cookies.
These cookies are listed in a cookie banner tool, which classifies cookies according to different categories (functional, statistical, marketing), with an explanation of the nature of each cookie.
Depending on the tool chosen, the user can authorize each category of cookie independently, or even each cookie on certain tools.
There are many solutions on the market: Axeptio, Cookiebot, Tarte au Citron, ... Some web agencies have even created their own cookie banner. Don't hesitate to compare several tools to choose the one that will be the most adapted to your site's needs.
Implementing the cookie banner requires work from your developer, who must make the triggering of each cookie conditional on the user's consent.
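The consent gating described above, as an added example that is not code from any of the banner tools named here: nothing is loaded unless the stored choice for its category is exactly `true`, and a later change of choice yields the list of trackers to switch off. The tracker registry, the JSON consent record and all function names are assumptions made for the illustration.

```javascript
// Categories as listed by the cookie banner on this page.
const CATEGORIES = ["functional", "statistical", "marketing"];

// Hypothetical registry: each script or cookie is tagged with its banner category.
const TRACKERS = [
  { name: "session", category: "functional" },
  { name: "analytics", category: "statistical" },
  { name: "ads-pixel", category: "marketing" },
];

// Parse the consent record (assumed here to be a JSON string saved by the banner).
// Missing, malformed or non-boolean values all count as "no consent".
function parseConsent(raw) {
  const consent = {};
  for (const cat of CATEGORIES) consent[cat] = false;
  if (typeof raw !== "string") return consent;
  let stored;
  try { stored = JSON.parse(raw); } catch { return consent; }
  if (stored === null || typeof stored !== "object") return consent;
  for (const cat of CATEGORIES) consent[cat] = stored[cat] === true;
  return consent;
}

// Names of the trackers that may be triggered for this consent record.
// A tracker tagged with a category the banner does not know is never loaded.
function scriptsToLoad(raw, trackers = TRACKERS) {
  const consent = parseConsent(raw);
  return trackers
    .filter((t) => consent[t.category] === true)
    .map((t) => t.name);
}

// Trackers allowed by the previous record and refused by the new one:
// these should stop running and have their cookies cleared.
function withdrawn(prevRaw, nextRaw, trackers = TRACKERS) {
  const now = new Set(scriptsToLoad(nextRaw, trackers));
  return scriptsToLoad(prevRaw, trackers).filter((name) => !now.has(name));
}

// Constructed sample record: statistics accepted, marketing never answered.
console.log(scriptsToLoad('{"functional":true,"statistical":true}'));
```

In a browser, the names returned by `scriptsToLoad` would decide which script tags are injected after the banner is answered.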
Opt-in checkbox on forms
The other part consists of collecting the user's consent for the data entered via the various forms present on the site.
Whether it's a newsletter registration form, a contest form, a brochure download form, etc., it is imperative that a checkbox be present to authorize the processing of the user's data when he fills out this form.
This checkbox must be of the opt-in type, i.e. the user must take the action of checking the box. This is the opposite of the opt-out type, in which the box is checked by default and the user is forced to uncheck it if he/she is opposed to the processing of his/her data.
The wording must also be explicit about the purpose of the processing of their data.
E.g.: "I wish to receive the monthly newsletter of XXX", "I agree to be contacted in the context of the request for a quote".
On this page you can find various information such as:
- An explanation of internal and third-party cookies
- The purpose of data processing
- Explanation of cookie management
- The contact point for access, rectification and deletion of personal data.
Any company that fails to comply with the GDPR is subject to penalties.