Since 25 May 2018 the General Data Protection Regulation (AVG / GDPR) has been applied. This European privacy regulation regulates the legitimate and careful handling of (personal) data.
In this blog post we will discuss some topics for website owners where you can expect particular changes.
For all member states in the EU, the same rules on privacy apply from 25 May. For many websites, these new regulations have major consequences, for example in the area of cookies, newsletters and storing user data.
The General Data Protection Regulation (AVG) gives people more opportunities to stand up for themselves when processing their data. For companies, much more emphasis is placed on accountability . You must be able to demonstrate as a company that you comply with the law. Reporting violations becomes simple, and follow-up will (also) have to be done. Fines can be extremely high (up to 20 million euros).
The law also applies to small SMEs and freelancers who process data. Such as tracking customer appointments, customer phone numbers or personnel information.
Processing of personal data
You may only collect personal data if you also have an explicitly stated purpose for it and this data must be secured against theft and loss. You must meet at least 1 of the below conditions before you record information:
- Permission from the person whose data is processed has given permission for this
- the data processing is necessary for the execution of a legal obligation (for example the data that the tax authorities register for the taxation)
- the processing is necessary for proper fulfillment of a public-law task (for municipalities, for example)
- the processing of data is necessary for the representation of a legitimate interest (for example if it is necessary for proper business operations), unless the interest of the person involved weighs more heavily. For example, this provision includes the execution of a direct mail action.
Please note that you also have a good privacy statement, which indicates, among other things, in clear language which data you save and for what purpose. It goes too far in this article to describe this exactly, so we recommend contacting a branch organization or expert.
Under the previous legislation, sending newsletters to customers who had ordered something via a webshop was allowed. That changes, also with retroactive effect. From May 25 it is only allowed to send newsletters if you have received explicit permission (for example because someone has put a check mark), and you must also be able to show this afterwards by, for example, time + dates and the text of the checkmark together with the e mail address. There are a few exceptions to this, so look carefully at your specific situation and decide together with an expert whether or what changes are needed.
Sufficient security mandatory
An example of adequate security is having software up-to-date so that there are no (known) security breaches.
For example, if you have a contact form on your website or if personal data are exchanged, SSL encryption is a minimum requirement. A professional SSL certificate can be requested separately for your website via https://www.henselhosting.nl/ssl-certificaat-bestellen , or you can use the Control Panel on https://my.codeorange.co.th/ under the heading SSL Let’s Install Encrypt SSL.
Note: If you process personal data that is sensitive, such as medical information, the security requirements are stricter. For example, storing them in a database on shared hosting is no longer sufficient security.
If your data is managed or stored by a third party, you have to conclude a so-called processor agreement indicating the responsibilities.
Soon we will make a general processor agreement available that you can sign as a company if you store data with us, for example.
Note: This is only a personal interpretation of the current rules. We are not legal experts and we advise you to call in a specialist when in doubt.
The popular open-source web browser Mozilla Firefox finally released version 85.00. With significant updates including the much-awaited major privacy enhancement called network partitioning. Check out the major improvements and what’s been added and changed for the latest Firefox 85.00. What’s new? The Adobe’s popular software Flash Player is no longer supported by Firefox 85. “There is…
Back in November, Let’s Encrypt an open certificate authority announced an end to its partnership with Identrust and to “Standing on Our Own Two Feet – Let’s Encrypt”. The supposed part ways will cause compatibility issues with Android 7.1.1 or older to not be able to access HTTPS websites. In its new announcement, Let’s Encrypt has…
Apple and Cloudflare team up to develop a new internet protocol called “Oblivious DNS-over-HTTPS,” or “ODoH,” which can prevent Internet Service Providers (ISP) from knowing which websites you visit. When visiting a website the request sent can be logged and tells your ISP which websites you visited, down to the hostnames and subdomains. This information…
[Update] Let’s Encrypt Extends Support for Android 7 or Older Devices for Three Years Let’s Encrypt announced its partnership with IdenTrust will come to an end by September 1, 2021. Except for its own root certificate, Let’s Encrypt has been using a cross-signed certificate from IdenTrust. The decision to part ways is dubbed as the…
“If you make the world better for kids, you make the world better for everyone”. We have faced a lot of hurdles this year, and I know everyone can’t wait to put this year behind us and start anew.
With the internet becoming an integral part of every business today, it has also increasingly become important that DNS servers remain stable, secure, and resilient against DNS attacks. By default, you’re most likely using your Internet Server Provider (ISP) DNS servers. DNS queries through ISP’s are vulnerable to attacks as it does not always use…
What can you do to make your WordPress website faster? A fast loading website provides an improved user experience and higher rankings in Google and that is good for your website/business. 1. Install a caching plugin What is it? Caching ensures that your page does not have to be “made” continuously. Making it costs…
We offer Let’s Encrypt SSL certificates for a few years now so that together we make the internet more secure. By removing the barrier that SSL certificates cost money, and by easily installing them by pressing a button in the control panel, there is virtually no reason not to use SSL anymore. It is good to…
This is a short but powerful guide on how to keep your WordPress website safe, and protected against hackers and other scum. Roadmap Step 1: Make sure you have a good backup plan.Ask yourself this question. If your site is now suddenly deleted, can you restore a backup from 1 day back and also from 1…
The new spam filter that we introduced in 2017 works very well. Because of the positive feedback, we have decided to offer this permanently on all our packages without extra costs! You can drastically reduce spam with one click: Via the new account center on my.codeorange.co.th/login you will find an “Advanced Settings” tab under Email settings where you…