The General Data Protection Regulation (GDPR) is a European privacy law that is due to go into effect on May 25, 2018. The new regulation provides residents of the EU countries with the tools to control their personal data and ensures their privacy by protecting their personal data and rights.
The GDPR must be observed by everyone who processes personal data of residents of the EU countries (Article 3 of the GDPR). The GDPR states that personal data is any information related to an identified or identifiable individual (the data subject), based on which, directly or indirectly, an individual’s identity can be established. Thus, if your website collects personal data, and the personal data subject is a citizen of a member state of the European Union, you must ensure that your site complies with the requirements of the GDPR.
If you cannot say with certainty that you process the personal data of at least one citizen of a member state of the European Union, ask yourself the following questions:
- Are your services/products adapted to the languages of the EU countries?
- Are your services/products sold in the local currencies of the EU countries?
- Are your services/products offered on the national top-level domains of the countries of the European Union?
If your answer to at least one of the above questions is 'yes', you must comply with the requirements of the GDPR.
As a site owner, it is your responsibility to inform your visitors and customers about the way your site processes their personal data, so you should carefully study all the requirements of the GDPR and bring your site in line with them.
Take a look at our recommendations below so you know how to make your site GDPR-friendly.
The main document that confirms your compliance with the requirements of the GDPR is the privacy policy of your website. If you don’t have a privacy policy yet, it’s high time for you to consider creating it. The uCoz website builder has the necessary tools for helping you create a privacy policy page for your site.
Navigate to the Control Panel of your website and go to the Users section. You can add a privacy policy page to your site and customize it to your needs in the corresponding section from the list on your left.
We recommend that you draw up a clear and comprehensive privacy policy for your website in accordance with the requirements of the GDPR and the laws of your jurisdiction. That said, an important requirement is that the privacy policy be simple and easily accessible to the personal data subject.
A privacy policy should contain the following provisions:
- basis for the collection of personal information (usually the consent of the subject of personal data, but there are other legal grounds specified in paragraph 1 of Article 6 of the GDPR);
- the rights of the personal data subject (listed in Articles 15-18 and 20 of the GDPR);
- list of the personal information that you collect and its types;
- purpose of collecting personal information;
- cases in which you disclose users’ personal information to third parties;
- how cookies and other technologies for automated data collection are used on your website;
- how subjects of personal data can withdraw their consent, change or delete their personal information that was collected by you;
- procedure for updating your privacy policy;
- your contact details for communication and questions.
Unfortunately, we are unable to give more detailed guidelines on the provisions your privacy policy should contain because this document requires an individual approach for each site.
If you require any specific features on your website according to the GDPR (notifications of using cookies, age confirmation, implementing the right to data transfer, etc.), feel free to contact the uCoz Support Team and we will help you find the necessary solution.
Another important requirement of the GDPR is the place where personal data is stored. Websites of our users from the European Union, as well as all information obtained with the help of website modules, are automatically placed on the servers located in the United States at the moment the website is created on the uCoz platform. The European Commission, on the basis of Article 45 of the GDPR, recognizes the United States as the country providing an adequate level of data protection.
Some general recommendations on compliance with the GDPR:
- Check whether your site and the organizational measures you have taken comply with the GDPR requirements;
- Do not process data for a longer period than necessary for the objectives stated in the privacy policy;
- Follow the principles set forth in paragraph 1, Article 5 of the GDPR, including the principle of data minimization, i.e. avoid collecting information which is not necessary for providing services/offering goods;
- Promptly respond to all customers’ requests concerning their personal data;
- Obtain explicit consent to the processing of personal data by using the checkbox form;
- If you are based outside the territory of the EU countries, you should appoint a representative in the European Union.
To be fully prepared for the GDPR requirements, we recommend that you read the full text of the GDPR, and seek legal advice from qualified specialists in the country of your jurisdiction.
Here you can find useful information about how to bring your site in line with the GDPR.
If you have any additional questions, comments or suggestions on how to improve our service in relation to the GDPR requirements, please contact the uCoz Support Team.
We also want to let you know that we made some important updates to our Privacy Policy. We added detailed explanations about what information we collect, what we do with it, and how we make sure that information stays safe and private. Please take a moment to review our updated Privacy Policy here.