The EU General Data Protection Regulations (GDPR) come into effect on 25 May 2018.
Technically these regulations only apply to EU companies and EU citizens, but many Australian businesses interact with EU-based users, and so these regulations will apply.
Aside from the legality of whether Australian businesses are directly impacted by the GDPR, these regulations are being touted as "best practice" and hence many of the recommendations are worth actioning.
It is very common for online forms to ask for personal details. Where online forms ask for personal data they should:
- Where the information collected may be used for multiple purposes, use explicit opt-in for all separate uses of data
- Make it easy for users to opt out at a later time.
- Use clear and simple language and avoid jargon
- References to GDPR terminology - you may need legal advice to assist with the best wording
- Explicit details about how long personal data is retained
- Explicit reference to any third parties that will have access to the personal data, why, and what they will do with it
Tracking Software and Cookies
Marketing tools and website analytics software can be valuable for assessing the effectiveness of a website. The GDPR issues are:
- Use of anonymous data is OK; this includes Google Analytics or similar (anonymous) assessment software
- If tracking software is used - such as links to CRM or advertising tools - then users should be given the ability to opt out or consent. As with other forms of consent, the user should also have the ability to revoke consent (or grant consent) at a later stage.
There are website extensions available that allow users to view and consent to (or revoke consent for) the use of tracking cookies on a website. If you believe that this is relevant to your website then please contact us for further guidance.