contact

How to comply with the GDPR, Lopd and lssi on your website?

August 4, 2019
App Design -

On this website we will give you all the keys to comply with the data protection policy GDPR, Lopd and lssi for web pagesAlways bearing in mind that legal texts should be consulted with a lawyer or data protection company.

Websites and GDPR data protection

You will have to inform yourself of everything necessary and consult second opinions, third parties or those you need. We have consulted from AppDesign You are solely responsible for the compliance of your website with the requirements. I do not take any legal responsibility for your website not being adapted to your site and peculiarities.

In this article you will find what you need to include or which parts to modify within your website. If you want to comply with the GDPR data protection policy of a web in wordpress o prestashopIf you have any questions, please ask us for help by providing us with your website through our contact form:

If you have a customised websiteIf you are a professional programmer, you will need professional programmers to make the necessary modifications and comply with the GDPR.

What is the GDPR Data Protection Policy?

The GDPR was voted and approved by the European Union Parliament in April 2016. The regulation will come into force after a two-year transition period. Unlike a Directive, it does not require the government to approve any enabling legislation. It means that it will be in force on 25 May 2018.

The GDPR not only applies to organisations located within the EU, but will also apply to organisations located outside the EU. Anyone offering goods or services that perform the behaviour of EU data subjects. It applies to all companies that process and maintain personal data of data subjects residing in the European Union, regardless of the location of the company.

What you need to comply with the GDPR on your website

This add-on will create a form where users can request access to or removal of their personal data, stored on your website. This is also possible:

  1. Cookie Policy.
  2. Assemble a SSL Certificate.
  3. Include Privacy Policy and Legal Notice pages.
  4. Include the checkbox.
  5. Report on data collection.

Adapt the Cookie Policy on your website

It is necessary to adapt the Cookie Policy of your website. This must be set up by warning all the pages that your website uses cookies, both your own and those of third parties. All we need to do now is add the accept button and a link to your privacy policy. Here would be the clauses on the Cookie Policy.

cookie policy on my website

If you are in doubt as to whether your website collects cookies, I advise you to implement them anyway as it is sometimes complicated to know which cookies are used by your own website.

Once the ad is set up to appear on all pages, we implement it in our main policy.

SSL certificate for GDPR compliance

One of the most controversial points has been to have to encrypt our entire website, this is done by setting up an SSL certificate to encrypt all data collected on the website through the contact forms.

ssl certificate for your website

At AppDesign we are aware that this is the most important point, not only because of the privacy and security it adds to your website, but also because of the increase in authority that it increases in the search engines. Although the increase is minimal in most cases, going from an http website to https increases our positioning, this is something that Google itself has been saying since April 2015.

In our case, we noticed an increase of 15% in organic visits in just over 6 months, after making the change. It is possible that for other companies it has more reach, what we have no doubt is that it has become just at the speed of web loading. A current design oriented to mobile devices, one of the main factors most influential in Google when positioning.

Set up the Privacy Policy, Legal Notice and Cookies page

This point is rather free and depends on each page, so we will leave the legal texts to your choice.

As advice we have been checking throughout the implementation for many of our clients. Most data protection companies choose to set up a generic privacy policy. In our case, our law firm sent us a generic data protection policy that they will probably use as a template for companies.

We choose to complete it by searching for information on the internet. We will save you a few hours of searching by leaving you with the most complete policies we have found. They are ordered from the one we find best and most complete to the last one, always leaving this point to your choice:

  1. https://ayudawp.com/muylegal/
  2. https://miposicionamientoweb.es/aviso-legal-politica-privacidad-politica-cookies-condiciones/
  3. https://es.surveymonkey.com/mp/legal/
  4. https://www.abanlex.com/aviso-legal/

For a corporate website, we also include Ferrovial's policy, which we believe is the simplest and easiest to understand. Both the Privacy Policy, Legal Notice and the Cookie Policy.

These are some of the quite complete examples you can see.

Acceptance box on forms

One of the news about the GDPR data protection policy is the change of the acceptance box that must go in all forms. Previously it was enough to put this box, now the mandatory that is deactivated by default so that the user has to accept before sending your data.

acceptance box for GDPR

In our case we leave the 3 policies that we include them on one page and add the general conditions of contract.

Information on data collection to be included in the contact forms

The new GDPR It also includes the obligation to inform customers about some points of data collection, which must be informed in the contact form itself before the send button.

Some examples can be found on the previous example pages, although there is not much difference on this point.

- Responsible party: Company or name of the person responsible for the data collection.
- Purpose: What the data collection will be used for, it can be commercial, advertising... etc.
- Legitimation: Consent of the interested party.
- Addressees: Inform that no data will be transferred to third parties, unless legally obliged to do so.
- Rights: How you can access, rectify, delete the data and other rights, as explained in the additional information.
- Additional information: A link to the full data protection policy of your website is usually included here.

We hope that we have resolved any doubts you may have about the new GDPR Policy. If you need to implement these systems on your website you can consult with our team, do not forget to leave your website.

Copyright © 2020 App Design | All rights reserved - Privacy Policy, Legal Notice and CookiesGeneral conditions