Failure to comply can result in heavy fines and even prosecution.
What is personal data?
Personal data is information that can identify an individual, either directly or when combined with other data.
Names, e-mails, addresses, localisation, IP-addresses, photos, and account information all are directly identifying data.
Health information, income, religion and cultural profiles and the like is also personal data.
Furthermore, and crucial in the present context, data on user behaviour is also personal. Cookies can track and register individual users’ browsing activities, like what articles they scroll past and which ones they choose to click on.
Most websites collect user data. Often, it happens without the website owner even being aware of it, by means of cookies.
If your website is hosted, or if you use plugins, social media-buttons, analytics tools and the like on your website, then it does set cookies and collect user data.
The free audit scans five pages of your website and sends you a report of the cookies and online tracking on these pages, including information on their provenance, purpose and whether or not they are compliant.
If you want a complete overview of the cookies and online tracking going on on all of your website, sign up to the Cookiebot solution.
Basically, it doesn’t matter where you choose to place it, as long as your users have access to it.
However, this might seem as a large expense if you are, for instance, a hobby blogger or small business.
Some are free and others come at a price.
However, if you use a generator, be sure to consider carefully all of the information to include in your policy and edit the template accordingly.
Also, be sure to do your research on all applicable laws and requirements.
Be aware that some geographically defined laws can, in practice, be global.
For example, The EU General Data Protection Regulation regards not only websites operated from the EU, but also all websites in the world, that have visitors from the EU.
Article 12 of the GDPR requires that you communicate information about your processing of personal data in a way that is:
- in clear and plain language
- easily accessible
- free of charge
In general, most privacy laws require you to inform your users about the following:
- Your name (or business name), location, and contact information
- What information you’re collecting from them (including names, email addresses, IP addresses, and any other information)
- What methods you are using to collect their information, e.g. cookies
- The purpose for collecting this information
- How you’re keeping their information safe
- Whether or not it’s optional for them to share that information, how they can opt-out, and the consequences of doing so
- Any third-party services you’re using to collect, process, or store that information (such as an e-mail newsletter service, or advertising network)
Cookies usually are the trickiest part of making your website compliant with regulations for privacy and data protection.
Most of the other data collection activities going on in connection to your website are both static and visible: The contact form or newsletter-subscription only changes if you actively make changes to it, and the user is aware of giving personal information when they chose to fill them out.
Cookies, on the other hand, operate in the background.
They are quietly dropped on the user’s computer without the user (or sometimes even the website owner, for that sake) being aware of what is going on.
Once dropped, the cookies can collect a lot of different types of data for any given length of time, and send this data out ‘into the world’.
Moreover, cookies are numerous and dynamic, tending to change often.
The General Data Protection Regulation requires that the communication about the use of data is both specific and accurate.
This issue can be solved if you choose a cookie solution like Cookiebot for your website.
Cookiebot performs monthly scans of your website, giving a complete overview of the cookies in use.
This way, you can make sure that your information on cookies is continually up to date.
World Map of Data Protection
However, if you use a generator, be sure to check that it complies with the EU General Data Protection Regulation and the ePrivacy Directive. These laws are applicable not only to websites operated from the EU, but also all websites in the world, that have visitors from the EU.
WordPress is both a code for building websites, and a hosting service for blogs and websites.
They have distinct privacy policies.
More than half of 12- to 15-year-olds in Britain are on Instagram. So are 43% of the 8- to 11-year-olds. But how many of them understand what they signed when they joined? Next to none.
It’s an interesting read for adults as well.