
Owning and operating a website today involves levels of complexity that few would have considered at all a few years ago. One of these, user privacy, is a big talking point at the moment, so let's take a look at a few considerations when you're building your website to be privacy focused.

HTTPS (TLS) is a Must

The first jumping-off point of any discussion about website security and privacy is how information travels between your users and your web server. If you collect any information at all, and particularly personal information, serve the entire site over HTTPS with a TLS certificate (still commonly called an "SSL certificate") that is valid for every domain and subdomain you use, and redirect plain HTTP to HTTPS. Without it, everything a user submits, and every page they read, crosses the network in clear text. It is also a visible sign of trust, not least because modern browsers mark any page served over plain HTTP as "Not secure".
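"Valid for all your domains and subdomains" trips people up most often with wildcard certificates: a certificate for `*.example.com` covers `www.example.com` but not the bare `example.com`, nor a nested name such as `api.eu.example.com`. The following Python is an added example, not code from the original post, that applies the hostname-matching rules browsers use (RFC 6125) to a certificate's Subject Alternative Name list so you can check coverage before you deploy. The SAN list and hostnames are constructed for the example.

```python
"""Check whether a certificate's Subject Alternative Names cover a hostname.

Implements the matching rules browsers apply to dNSName entries:
  - comparison is case-insensitive
  - a wildcard is honoured only as the entire left-most label ("*.example.com")
  - a wildcard matches exactly one label, so it covers www.example.com but
    neither example.com (the apex) nor api.eu.example.com (nested)
The SAN list and hostnames below are constructed for the example.
"""


def label_matches(pattern_label: str, host_label: str) -> bool:
    """Match one DNS label; only a bare '*' wildcard is accepted."""
    if pattern_label == "*":
        return True
    return pattern_label == host_label  # partial wildcards like f*.example.com never match


def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if a single SAN dNSName `pattern` covers `hostname`."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if "*" in pattern:
        # Wildcard permitted only as the whole left-most label, and only when at
        # least two fixed labels follow it (so "*.com" is rejected).
        if p_labels[0] != "*" or len(p_labels) < 3 or any("*" in l for l in p_labels[1:]):
            return False
    return all(label_matches(p, h) for p, h in zip(p_labels, h_labels))


def hostname_covered(san_names, hostname: str) -> bool:
    """True if any SAN entry covers the hostname."""
    return any(name_matches(n, hostname) for n in san_names)


def uncovered_hosts(san_names, hostnames):
    """List the hostnames the certificate would NOT be valid for."""
    return [h for h in hostnames if not hostname_covered(san_names, h)]


# Constructed example: a typical wildcard certificate for one site.
SAMPLE_SAN = ["example.com", "*.example.com"]

# Constructed list of hostnames the operator actually serves.
SAMPLE_HOSTS = [
    "example.com",
    "www.example.com",
    "shop.example.com",
    "api.eu.example.com",  # nested subdomain: not covered by *.example.com
    "example.org",         # different registrable domain entirely
]

if __name__ == "__main__":
    for host in SAMPLE_HOSTS:
        status = "OK" if hostname_covered(SAMPLE_SAN, host) else "NOT COVERED"
        print(f"{host:24} {status}")
```

To feed it a real SAN list, pull the served certificate with `openssl s_client -connect example.com:443 -servername example.com` and pass the dNSName entries in. The nested-subdomain case is the one to watch: either add `api.eu.example.com` (or `*.eu.example.com`) to the certificate or stop serving that name.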

Don’t Store Data You Don’t Need

Consider every piece of data you store about your users, whether it arrives via a sign-up form or through automatic logging (server access logs, analytics, error reports). Decide whether you genuinely need each item and stop requesting or logging anything you don't. Data you never collect can't be breached, can't be the subject of an access request and doesn't need a retention period. The rule of thumb is data minimisation: keep as little information about your users as possible, for as short a time as possible.
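Server access logs are the automatic logging most sites forget about: by default they record full IP addresses, the user's login name, query strings (which often carry e-mail addresses or reset tokens) and browser fingerprints. The following Python is an added example, not code from the original post, of a minimisation pass that rewrites Combined Log Format lines before they are kept, truncating the client IP to a network prefix and dropping the fields a small site doesn't need. The log lines are constructed for the example.

```python
"""Minimise what an access log keeps about visitors before it is written.

For each Combined Log Format line this pass:
  - truncates the client IP (IPv4 to /24, IPv6 to /48) so a visitor is no
    longer individually identifiable but abuse patterns still show up
  - blanks the authenticated username
  - drops the query string, which often carries e-mails or tokens
  - drops the Referer and User-Agent fields, which fingerprint visitors
Lines that don't parse are dropped rather than kept unmodified.
The log lines below are constructed for the example.
"""
import ipaddress
import re
from typing import Optional

# Combined Log Format: host ident authuser [date] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?$'
)


def truncate_ip(raw: str) -> str:
    """Zero the host part of an address: keep /24 for IPv4, /48 for IPv6."""
    try:
        addr = ipaddress.ip_address(raw)
    except ValueError:
        return "-"  # unparsable: record nothing rather than something wrong
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False).network_address)


def minimise_line(line: str) -> Optional[str]:
    """Rewrite one log line with only the fields worth keeping, or None if it doesn't parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    f = m.groupdict()
    path = f["path"].split("?", 1)[0]  # drop the query string entirely
    return (f'{truncate_ip(f["ip"])} - - [{f["time"]}] '
            f'"{f["method"]} {path} {f["proto"]}" {f["status"]} {f["size"]}')


def minimise_log(lines):
    """Apply minimise_line to a sequence of lines, discarding unparsable ones."""
    return [out for out in (minimise_line(l) for l in lines) if out is not None]


# Constructed sample log: a logged-in user leaking an e-mail in a query string,
# a password-reset token in another, and one unparsable line.
SAMPLE_LOG = [
    '203.0.113.42 - alice [10/Oct/2023:13:55:36 +0000] "GET /account?email=alice%40example.com HTTP/1.1" 200 2326 '
    '"https://example.com/login" "Mozilla/5.0 (X11; Linux x86_64) Firefox/118.0"',
    '2001:db8:1:2:3:4:5:6 - - [10/Oct/2023:13:55:40 +0000] "POST /reset?token=eyJhbGciOi HTTP/1.1" 302 0 "-" "curl/8.2.1"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for out in minimise_log(SAMPLE_LOG):
        print(out)
```

Run it as a filter between the web server and wherever logs are shipped, or as a nightly job over yesterday's file before it is archived. If you later find you need a field (the User-Agent for a compatibility bug, say), add it back deliberately and note it in the privacy policy; the default should be off.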

You Must Have a Privacy Policy

A privacy policy tells users of your product, service, app or website exactly what personal information you collect from them, why, and what you do with it. Privacy law (the GDPR in the European Union is the prominent example) requires you to give your users this information, and then to actually do what your policy says. Because websites are global and anyone can access them, you need to be compliant to the best degree possible, and including specific things in your privacy policy is how you cover these bases. At a minimum, your privacy policy should include the following:

  • A thorough list of all the information your website collects from your users, whether they are logged in or not.
  • How you intend to notify visitors to your website of any changes to your privacy policy.
  • A quick how-to for those who would like to access and/or change this information, delete their data, or opt out of any information being stored.
  • The age restriction for accessing and using your website, stated explicitly.
  • An explanation of how any information you collect might be shared. Remember to include any third-party payment processors and other trusted third parties in this list too.

Your privacy policy should be easy to find and written in language anyone can understand. If you don't have one yet, a privacy policy generator can give you a starting point, but review the result against what your site actually collects and does.

Protect the Data You Store

Your website needs measures in place to prevent data breaches, to the best of your ability. If you use a hosted CMS or a managed hosting service, the provider does most of the heavy lifting of patching the platform, which makes this route sensible for the less technically minded; you remain responsible for your own configuration, plugins, themes and passwords. If you host your own web server or platform, keep the web server software (such as Apache or nginx), the database (such as MySQL) and the CMS itself on current, supported versions and apply security updates promptly. A working understanding of how to harden a web server is also important, and if that is beyond your scope, opt instead for a web hosting company that will take care of it for you.
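Patching reduces the chance of a breach; the other half of protecting stored data is making sure the breach that does get through yields as little as possible. The most common case is the user table: passwords must never be stored in a form an attacker can read back. The following Python is an added example, not code from the original post, that hashes passwords with scrypt from the standard library under a fresh random salt, stores the cost parameters alongside each hash, and upgrades weak legacy records on the next successful login. The usernames and passwords are constructed for the example.

```python
"""Store passwords so that a stolen user table is of little use to the thief.

Each password is hashed with scrypt (memory-hard, in Python's standard
library) under a fresh random salt. The cost parameters are stored in the
record itself so they can be raised later without breaking existing rows.
The sample users below are constructed for the example.
"""
import base64
import hashlib
import hmac
import os

# Work factors: n must be a power of two. n=2**14 with r=8 needs 16 MiB of RAM
# per hash, a sensible floor for interactive logins today.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_BYTES, KEY_BYTES = 16, 32


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def hash_password(password: str, n: int = SCRYPT_N, r: int = SCRYPT_R, p: int = SCRYPT_P) -> str:
    """Return a self-describing record: scrypt$n$r$p$salt$hash (salt and hash base64)."""
    salt = os.urandom(SALT_BYTES)
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p, dklen=KEY_BYTES)
    return f"scrypt${n}${r}${p}${_b64(salt)}${_b64(key)}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the parameters stored in `record`; compare in constant time."""
    try:
        scheme, n, r, p, salt_b64, key_b64 = record.split("$")
        if scheme != "scrypt":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(key_b64)
        n, r, p = int(n), int(r), int(p)
    except ValueError:
        return False  # malformed record: never accept
    actual = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p, dklen=len(expected))
    return hmac.compare_digest(actual, expected)


def needs_rehash(record: str) -> bool:
    """True if the record uses weaker parameters than current policy (re-hash on next login)."""
    try:
        scheme, n, r, p, _salt, _key = record.split("$")
        return scheme != "scrypt" or int(n) < SCRYPT_N or int(r) < SCRYPT_R or int(p) < SCRYPT_P
    except ValueError:
        return True


# Constructed sample of what the user table holds instead of plaintext.
USERS = {
    "alice": hash_password("correct horse battery staple"),
    "bob": hash_password("hunter2", n=2 ** 10),  # legacy row hashed with a weaker work factor
}


def login(username: str, password: str) -> bool:
    """Check a login and upgrade the stored hash in place if its parameters are outdated."""
    record = USERS.get(username)
    if record is None:
        hash_password(password)  # spend the same time for unknown users to avoid enumeration by timing
        return False
    if not verify_password(password, record):
        return False
    if needs_rehash(record):
        USERS[username] = hash_password(password)
    return True


if __name__ == "__main__":
    print("bob (legacy) ->", login("bob", "hunter2"), "| upgraded:", not needs_rehash(USERS["bob"]))
    print("alice wrong  ->", login("alice", "wrong password"))
```

The same "assume the database leaks" thinking applies to other stored personal data: encrypt fields you only need occasionally, keep the keys out of the database, and, per the previous section, don't store what you don't need in the first place.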

Use a Third-Party Payment Processor

The easiest way to deal with the privacy issues of processing card payments is to offload that responsibility to a third-party payment processor. Some information will still be sent to the processor, such as the customer's name and billing address, but your website won't handle, store or transmit the card number itself: the processor's hosted form or script collects it and hands you back a token or a confirmation. That is a real benefit, since card data is among the most sensitive data a site can hold and carries its own compliance regime (PCI DSS) on top of privacy law.

The most important consideration when dealing with privacy is to be as transparent and open with your users as possible. Tell them each time you store information and what you will do with it, so they are never surprised by anything.