What is GDPR?
GDPR is a comprehensive law with which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for EU residents.
“This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data. This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.”
The new EU data protection law extends the scope of EU data protection law to all companies, even those outside the EU, when they process data of EU residents.
What does that mean?
The goal of the new GDPR regulations is to protect the personal data of European citizens and give them more control over how this data is used online.
GDPR compliance falls on both the client's business that is collecting the data (data collector) and any third party that processes this data (data processors). Under the new GDPR law, there are many new steps that organizations should take with regard to data protection.
GDPR Options for UXi Sites
By default, UXi sites have an option selected under UXi General Settings > GDPR Settings that forces a redirect to a static page for any user from an IP address inside the European Union. This option is enabled to keep EU traffic off the site until the client and their website are prepared.
To allow EU traffic on the site, a client must, at a minimum, sign the Data Processing Agreement document.
If you've got access to Right Signature, please send it from there. If not, please fill out the Custom Contract Request Form.
If they want to take the necessary steps to be fully compliant, the website update process will go something like this:
- The client must first sign the Data Processing Agreement mentioned above.
- A custom banner will be added to the site informing users of the data that's collected, and providing them the required opt-in option.
This means that all tracking methods like Google Tag Manager will have to be opted into by each user before they function.
- Notice messages will be added to all forms that explain any data collection and its purpose.
- Consent fields will be added, asking for explicit consent for any additional data processing like sending a form entry to a CRM or Email Marketing platform.
We should strongly suggest this full process to any site that has a large presence in Europe, but it is the client's responsibility to take action.