With the recent emphasis on the new GDPR regulation, site owners wonder about the exact definition of this law. Together, let’s take a closer look at what you need to know about GDPR.
What is the GDPR?
GDPR is the abbreviation of General Data Protection Regulation. Put simply, this online regulation protects you against the theft of your personal data. Each site collects some of your cookies, and these cookies contain important information about your connection. Through them, you share with the owner of the site your location, the time you spent on the site and the route you took through it. But cookies also include your name, your email address, or your IP address.
All these data are particularly sensitive. This is the reason why, in 2018, the GDPR regulation was put in place. Thanks to it, the Internet user is much better protected: the GDPR applies a legal framework to the way in which cookies are collected and used.
By accepting this regulation, the Internet user gives the owner of the site the right to have access to his information for a certain period of time. In addition, website owners cannot keep these cookies for more than 13 months. After this period, the Internet user must renew consent.
Where do the GDPR regulations apply?
The GDPR aims to protect European internet users. It therefore applies to all persons in the European Union. If the entity is not in the European Union, but sells its services in one of the countries of the Union, it is also affected by the GDPR.
Finally, if the company that owns the site is not in the European Union, but wishes to analyze the browsing pattern of people located in the European Union, it is also subject to the regulation.
A common mistake is to think that only users located in the European Union are covered by the protection of the GDPR. Indeed, if your company is English and your internet database is located in Europe, GDPR must apply to all your users.
A strong legal basis
Of course, the GDPR regulation is based on legal texts to effectively protect the various users sharing their cookies. The user must give his consent so that the website can use the information he leaves behind. Data processing is also subject to a legal basis. Site owners have an obligation to protect the interests of their visitors.
The notion of consent is one of the most important points of the GDPR regulation. By definition, the GDPR is a data processing consent certificate. To offer it, websites should use simple terms so that each visitor can clearly understand the terms being accepted.
The different conditions and privacy policies must be presented in an understandable way. Even if the GDPR is a text filled with legal jargon, it must be put into plain language as much as possible on the certificate accepted by the visitor. All incomprehensible clauses must be reworked and detailed so that the Internet user understands his rights.
The GDPR is also a text legally protecting the consent of minors. Each website is required to obtain the verifiable consent of a parent or a legal representative. This rule applies to all websites except websites that offer minors prevention and counseling services. In addition, each site must offer dual consent for anyone under the age of 15.
GDPR: no pre-filled boxes!
Each company offering a website must show full transparency in the collection of data on the web. In addition, consent must be understood and freely given. For the user's agreement to be obtained without ambiguity, no box should be pre-filled. The form must be offered blank, and the user can choose for himself the information he wishes to share with the owner of the site. The consent given must also be easy to withdraw.
For sites collecting personal data, recording consent is essential. Clear records showing how you have obtained the consent of users to use their data must be kept. In the event of a problem, it is the website owner who is responsible. Consent records should be as specific as possible. For each user, they must include:
- full details of the person who provided the consent;
- how the user’s consent was obtained;
- a copy of the data collection form.
Stricter reform since March 2021
At the end of March 2021, the GDPR regulations reached a legally important turning point: the text has been reinforced by some new texts. Since April 1, 2021, the definition of the GDPR has changed somewhat, since the CNIL imposes stricter control on cookies. With the new reform, users have a complete and unambiguous view of the cookies placed on a visited site.
The cookie management interface must also be available to the Internet user at all times. If he now wishes to reconsider his consent, he must be able to do so in the simplest way possible.