How to comply with the GDPR, Lopd and lssi on your website?

GDPR websites and data protection

On this website we will give you all the keys to comply with the GDPR, Lopd and lssi data protection policy for web pages. Always bearing in mind that the legal texts should be consulted with a lawyer or data protection company.

You should inform yourself of everything you need and consult second opinions, third parties or those you need. We have consulted since AppDesign with different data protection companies. You are solely responsible for ensuring that your website meets the requirements. I do not take any legal responsibility on your website for not having it adapted to your site and peculiarities.

In this article you will find what you need to include or what parts to modify within your website. If you want to comply with the GDPR data protection policy of a web in wordpress or prestashopAsk us for help by providing us with your website through our contact form:

 

If you have a custom websiteYou will need professional programmers to make the necessary modifications and comply with the GDPR.

What is the GDPR Data Protection Policy?

The GDPR It was voted and approved by the Parliament of the European Union in April 2016. The regulation will enter into force after a transition period of two years. Unlike a Directive, it does not require the government to pass any enabling legislation. It means that it will be in force on May 25, 2018.

The GDPR It not only applies to organizations located within the EU, but will also apply to organizations located outside the EU. Anyone offering goods or services that perform the behavior of data subjects in the EU. It applies to all companies that process and maintain the personal data of data subjects residing in the European Union, regardless of the location of the company.

What is necessary to comply with the GDPR on your website

This plugin will create a form where users can request access or deletion of their personal data, stored on their website. It is also possible:

  1. Cookies policy.
  2. Mount an SSL Certificate.
  3. Include pages of Privacy Policy and Legal Notice.
  4. Include the check box.
  5. Report on data collection.

Adapt the Cookies Policy on your website

It is necessary to adapt the Cookies Policy of your website. This must be set up warning on all pages that your website uses both its own and third-party cookies. Now we just need to add the accept button and a link to your privacy policy. Here would come the clauses on the Cookies Policy.

cookie policy on my website

If you are doubting whether your website collects Cookies, I recommend implementing it anyway since it is sometimes difficult to know which cookies your own website uses.

Once the notice has been set up to appear on all pages, we implement it in our main policy.

SSL certificate to comply with the GDPR

One of the most controversial points they have created has been that of having to encrypt our entire website. This is done by mounting an SSL certificate to encrypt all the data that is collected on the website through the contact forms.

ssl certificate for your website

At AppDesign we are aware that this point is the most important, not only for the privacy and security that it adds to your website, but also for the increased authority that increases in search engines. Although the increase is minimal in most cases, going from an http web to https increases our positioning, this is something that Google itself has been saying since April 2015.

In our case, we noticed an increase of 15% in organic visits in just over 6 months, after making the change. It is possible that for other companies it has more scope, what we have no doubt is that it has become just at the loading speed of the web. A current design oriented to mobile devices, one of the main most influential factors in Google when it comes to positioning.

Assemble the page of Privacy Policy, Legal Notice and Cookies

This point is rather free and depends on each page. So the legal texts will be left to your choice.

As advice that we have been checking throughout the implementation for many of our clients. Most data protection companies choose to set up a generic privacy policy. In our case, our law firm sent us a generic data protection policy that they will surely use as a template for companies.

We choose to complete it by searching for information on the internet. We will save you a few hours of searching by leaving the most complete policies we have found. They are ordered from the one that seems best and most complete to the last, always leaving this point to your choice:

  1. https://ayudawp.com/muylegal/
  2. https://miposicionamientoweb.es/aviso-legal-politica-privacidad-politica-cookies-condiciones/
  3. https://es.surveymonkey.com/mp/legal/
  4. https://www.abanlex.com/aviso-legal/

For a corporate website, also include the Ferrovial company policy, which seems to us the simplest and easiest to understand. Both the Privacy Policy, Legal warning and the Cookies policy.

They are some of the quite complete examples that you can see.

Acceptance box on forms

One of the news about GDPR data protection policy It is the change of the acceptance box that must go on all forms. Previously it was enough to put this box, now the mandatory one that is deactivated by default so that the user has to accept before sending their data.

GDPR acceptance box

In our case we leave the 3 policies that we include on one page and add the general contracting conditions.

Information about the data collection to include in the contact forms

The new one GDPR It also includes the obligation to inform customers about some points of the data collection. It must be reported directly in the contact form itself before the send button.

Some examples can be found on the pages of previous examples. Although on this point there is not much difference.

- Responsible: Company or name of the person responsible for data collection.
- Purpose: For which the data collection will be used, it may be commercial, advertising ... etc.
- Legitimation: Consent of the interested party.
- Recipients: Inform that data will not be transferred to third parties, except legal obligation.
- Rights: How you can access, rectify, delete the data and other rights, as explained in the additional information.
- Additional information: a link to the complete data protection policy of your website is usually included here.

We hope we have resolved any doubts you may have about the new GDPR Policy. If you need to implement these systems on your website, you can consult with our team, do not forget to leave your website.

GDPR websites and data protection
Copy link