What is GDPR?

GDPR is a comprehensive law with which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for EU residents.


“This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data. This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.”


The new law extends the scope of EU data protection law to all companies, even those outside the EU, when they process data of EU residents.


What does that mean?

The goal of the new GDPR regulations is to protect the personal data of European citizens and give them more control over how this data is used online.


Compliance

GDPR compliance falls on both the client's business that is collecting the data (data collector) and any third party that processes this data (data processors). Under the new GDPR law, there are many new steps that organizations should take with regard to data protection.

Click here to view the full GDPR specification



GDPR Options for UXi Sites

By default, UXi sites have an option selected under UXi General Settings > GDPR Settings that forces a redirect to a static page for any user with an IP address inside the European Union. This option is enabled to keep EU traffic off the site until the client and their website are prepared.



To allow EU traffic on the site, a client must, at a minimum, sign the Data Processing Agreement document.

If you've got access to Right Signature, please send it from there. If not, please fill out the Custom Contract Request Form.


If they want to take the necessary steps to be fully compliant, the website update process will go something like this:
  1. The client must first sign the Data Processing Agreement mentioned above.
  2. Next, they'll provide us with an updated privacy / cookie policy to be displayed on the site.
  3. A custom banner will be added to the site informing users of the data that's collected and providing them with the required opt-in option.

    This means that all tracking methods like Google Tag Manager will have to be opted into by each user before they function.

  4. Notice messages will be added to all forms that explain any data collection and its purpose.
  5. Consent fields will be added, asking for explicit consent for any additional data processing like sending a form entry to a CRM or Email Marketing platform.
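
To make steps 3 and 5 concrete, here is an added sketch (not UXi's own code) of a default-deny consent gate: trackers such as Google Tag Manager stay queued until the visitor opts in, and a form entry is forwarded to a CRM or email platform only when its consent field was explicitly ticked. The names `ConsentGate`, `routeFormEntry`, the `analytics` category and the `consent_*` field names are hypothetical.

```javascript
// Added example; all names are hypothetical, not part of UXi.
class ConsentGate {
  constructor() {
    this.granted = new Set(); // categories opted into (default: none)
    this.pending = new Map(); // category -> trackers waiting for opt-in
    this.started = [];        // names of trackers that actually ran
  }
  // Register a tracker; it runs only once its category is opted into.
  register(category, name, loader) {
    if (this.granted.has(category)) return this._start(name, loader);
    if (!this.pending.has(category)) this.pending.set(category, []);
    this.pending.get(category).push({ name, loader });
  }
  // Called by the banner when the visitor opts in to a category.
  optIn(category) {
    this.granted.add(category);
    for (const t of this.pending.get(category) || []) this._start(t.name, t.loader);
    this.pending.delete(category);
  }
  // Consent withdrawn: trackers registered afterwards wait again.
  optOut(category) { this.granted.delete(category); }
  _start(name, loader) { loader(); this.started.push(name); }
}

// Step 5: forward an entry to a third party only if its consent field
// is exactly `true`; a missing field or the string "false" does not count.
function routeFormEntry(entry, integrations) {
  const destinations = ['site']; // the form's own, notified purpose
  for (const { name, consentField } of integrations) {
    if (entry[consentField] === true) destinations.push(name);
  }
  return destinations;
}

// Constructed walk-through: GTM is registered but not loaded before opt-in.
function demo() {
  const gate = new ConsentGate();
  let gtmLoaded = false;
  // In a browser this loader would inject the tag manager script element.
  gate.register('analytics', 'gtm', () => { gtmLoaded = true; });
  const before = gtmLoaded;
  gate.optIn('analytics');
  return { before, after: gtmLoaded, started: gate.started };
}
```

The key property is that nothing runs by default: a tracker added to the page without going through the gate would bypass the opt-in, so every tracking snippet has to be registered rather than embedded directly.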



We should strongly suggest this full process to any site that has a large presence in Europe, but it is the client's responsibility to take action.

Becoming a fully GDPR-compliant business is more than just website updates. We should suggest that clients seek legal advice based on the data they collect. We've also published a more thorough list with more detailed info here: https://m360.us/902c