Get to know EU new privacy law (GDPR)

Since 25 May 2018 the General Data Protection Regulation (AVG / GDPR) has been applied. This European privacy regulation regulates the legitimate and careful handling of (personal) data.

 

In this blog post we will discuss some topics for website owners where you can expect particular changes.

In short

For all member states in the EU, the same rules on privacy apply from 25 May. For many websites, these new regulations have major consequences, for example in the area of ​​cookies, newsletters and storing user data.

The General Data Protection Regulation (AVG) gives people more opportunities to stand up for themselves when processing their data. For companies, much more emphasis is placed on accountability . You must be able to demonstrate as a company that you comply with the law. Reporting violations becomes simple, and follow-up will (also) have to be done. Fines can be extremely high (up to 20 million euros).

The law also applies to small SMEs and freelancers who process data. Such as tracking customer appointments, customer phone numbers or personnel information.

Processing of personal data

You may only collect personal data if you also have an explicitly stated purpose for it and this data must be secured against theft and loss. You must meet at least 1 of the below conditions before you record information:

  • Permission from the person whose data is processed has given permission for this
  • the data processing is necessary for the execution of a legal obligation (for example the data that the tax authorities register for the taxation)
  • the processing is necessary for proper fulfillment of a public-law task (for municipalities, for example)
  • the processing of data is necessary for the representation of a legitimate interest (for example if it is necessary for proper business operations), unless the interest of the person involved weighs more heavily. For example, this provision includes the execution of a direct mail action.

Please note that you also have a good privacy statement, which indicates, among other things, in clear language which data you save and for what purpose. It goes too far in this article to describe this exactly, so we recommend contacting a branch organization or expert.

Newsletters

Under the previous legislation, sending newsletters to customers who had ordered something via a webshop was allowed. That changes, also with retroactive effect. From May 25 it is only allowed to send newsletters if you have received explicit permission (for example because someone has put a check mark), and you must also be able to show this afterwards by, for example, time + dates and the text of the checkmark together with the e mail address. There are a few exceptions to this, so look carefully at your specific situation and decide together with an expert whether or what changes are needed.

Sufficient security mandatory

An example of adequate security is having software up-to-date so that there are no (known) security breaches.

For example, if you have a contact form on your website or if personal data are exchanged, SSL encryption is a minimum requirement. A professional SSL certificate can be requested separately for your website via https://www.henselhosting.nl/ssl-certificaat-bestellen , or you can use the Control Panel on https://my.codeorange.co.th/ under the heading SSL Let’s Install Encrypt SSL.

Note: If you process personal data that is sensitive, such as medical information, the security requirements are stricter. For example, storing them in a database on shared hosting is no longer sufficient security.

Processing agreement

If your data is managed or stored by a third party, you have to conclude a so-called processor agreement indicating the responsibilities.

Soon we will make a general processor agreement available that you can sign as a company if you store data with us, for example.

Cookies

Finally, check the use of cookies on your website. There was already a cookie law, but the rules have now been tightened. For example, a cookie wall (refusing visitors who do not accept cookies) is no longer allowed if you use tracking cookies. You must also show clear information about the use of cookies if you collect information (also those that are placed via Google Analytics, for example, if you do not use them in an anonymous way).

Note: This is only a personal interpretation of the current rules. We are not legal experts and we advise you to call in a specialist when in doubt.

 

Cookie Script

By Rutger | October 6, 2021

TL;DR we found the best Cookie compliance script. Cookie script makes it easier to comply with the European AVG/GDPR law, which has been in force since May 25, 2018. What is the GDPR? The GDPR is a European privacy regulation. It ensures the careful processing of personal data by businesses and organisations. For instance, you…

Access control per account

By Rutger | October 5, 2021

For many years our resellers can control their customers’ access to specific functionality of the control panel. But it was on or off. No granular control. Let’s say that DNS management is hard to understand for your customers, then you usually switch this off. Same goes for ordering. Perhaps some of your customers order a…

How to Optimize Site Performance for Core Web Vitals

By Rutger | June 8, 2021

There are many factors that affect website rankings, one of which is, site performance. How does your site perform in terms of speed and accessibility? Just this month  Google established a new user experience metric called Core Web Vitals. Core Web Vitals aims to put the most optimized website in terms of performance on top of…

Firefox’s new Site Isolation Security Architecture

By Rutger | May 28, 2021

Online there are plenty of untrustworthy websites that could overpass the initial security in your primary browser. Which is why Firefox developed a new Site Isolation Security. With the main purpose of preventing malicious websites from accessing or stealing information from your accounts on other websites.  The process of site Isolation security is separating web…

WordPress Proposes Blocking Google’s FLoC

By Rutger | April 25, 2021

In the recent announcement from WordPress, they state that they are treating Google’s new FLoC tracking technology as a security concern and may block it by default on WordPress sites. Google’s Federated Learning of Cohorts (FLoC) received a lot of criticism concerning privacy. “FLoC is meant to be a new way to make your browser…

Am I FLoCed? A New Site to Test Google’s Invasive Experiment

By Rutger | April 5, 2021

 Am I FLoCed is one of an effort to uncover the invasive practices of the adtech industry—Google included. It is a new site where you can check if you are being subjected to the latest advertising experiment, FLoC. What is FloC? Federated Learning of Cohorts or FLoC is Google’s new advertising technology intended to replace…

DuckDuckGo Browser and Extension

By Rutger | February 25, 2021

DuckDuckGo describes itself as “the search engine that doesn’t track you.” Although DDG is better known for its privacy-focused search engine, the company has expanded into making its own Privacy Browser app for Android and IOS. The DDG Privacy Browser has the speed you need, the browsing features you expect (like tabs & bookmarks), and…

The Search Engine That Doesn’t Track You

By Rutger | February 11, 2021

THERE’S A NEW battleground in the browser wars: user privacy. Just recently, we published an article about Brave browser and how effective its tracker blocking technologies. So here’s another talk of the town privacy-focused search engine that will help you enjoy the internet without having to worry about leaving a digital footprint.  What is DuckDuckGo?…

Mozilla Firefox 85.00 is Here!

By Rutger | January 30, 2021

The popular open-source web browser Mozilla Firefox finally released version 85.00. With significant updates including the much-awaited major privacy enhancement called network partitioning. Check out the major improvements and what’s been added and changed for the latest Firefox 85.00. What’s new? The Adobe’s popular software Flash Player is no longer supported by Firefox 85. “There is…

Update: Let’s Encrypt Extends Support for Android 7 or Older Devices for Three Years

By Rutger | January 13, 2021

Back in November, Let’s Encrypt an open certificate authority announced an end to its partnership with Identrust and to “Standing on Our Own Two Feet – Let’s Encrypt”. The supposed part ways will cause compatibility issues with Android 7.1.1 or older to not be able to access HTTPS websites.  In its new announcement, Let’s Encrypt has…