How to comply with the European General Data Protection Act (GDPR)

The General Data Protection Act (GDPR) is considered to be the most significant piece of European data protection legislation to be introduced in the European Union (EU) in 20 years and will replace the 1995 Data Protection Directive. The GDPR enhances EU individuals’ privacy rights and places significantly enhanced obligations on organizations handling data.

The new regulation goes into effect on May 25, 2018.

The GDPR regulates the processing of a data subject’s personal data in the European Union, including its collection, storage, transfer and use. The GDPR gives data subjects more rights and control over their data by regulating how you should handle and store any personal data you collect.

Every website that collects, stores and handles European citizens’ data will have to comply. But what does that mean?

Basically, you’ll have to update your privacy policy and place a cookie consent disclaimer on your website.

How to (re)write my Privacy Policy?

As every online directory is unique, there’s not a standard template to copy. Besides the information you already have there, the privacy notice should address the following to sufficiently inform the data subject:

  • Who is collecting the data?
  • What data is being collected?
  • What is the legal basis for processing the data?
  • Will the data be shared with any third parties?
  • How will the information be used?
  • How long will the data be stored for?
  • What rights does the data subject have?
  • How can the data subject raise a complaint?

The best tools we find to help our users are Terms Feed and Iubenda. The final text will depend on how many tools you have installed on your site, such as Google Analytics, CRMs, Facebook Pixels, Hotjar, LiveChat, etc.

Data Controller and Data Processor

One thing that you have to highlight in your new Privacy Policy is who handles data.

A Data Controller is the entity that determines the purposes, conditions and means of the processing of personal data: the directory owner (you).

If you host your online directory with us, we are the Data Processor. If you host anywhere else, you or the hosting provider is your Data Processor.

Be sure to use the right Data Processor when updating your Privacy Policy.

How to place a cookie consent disclaimer in my online directory?

One way is to use paid tools like OneTrust.com, Cookiebot.com and others. But there are open source options like Cookie Consent by Insites and Silktide. Just place their scripts using Google Tag Manager.

To learn how to install the Cookie Consent Disclaimer by Insites, read this article here.

Alternatively, you can embed one of the numerous third-party widgets or, if you have the owned license, you can develop custom code.

Contact eDirectory support at support.edirectory.com if you have questions or problems.


*We take great care in providing information to you, but please be aware that this blog post cannot be considered a substitute for professional legal advice.