The General Data Protection Regulation (AVG / GDPR) has applied since 25 May 2018. This European privacy regulation governs the lawful and careful handling of (personal) data.
In this blog post we discuss some topics where website owners in particular can expect changes.
For all member states in the EU, the same rules on privacy apply from 25 May. For many websites, these new regulations have major consequences, for example in the area of cookies, newsletters and storing user data.
The General Data Protection Regulation (AVG) gives people more opportunities to stand up for themselves when their data is processed. For companies, much more emphasis is placed on accountability. As a company, you must be able to demonstrate that you comply with the law. Reporting violations becomes simple, and follow-up will (also) have to be done. Fines can be extremely high (up to 20 million euros).
The law also applies to small SMEs and freelancers who process data, such as tracking customer appointments, customer phone numbers or personnel information.
Processing of personal data
You may only collect personal data if you have an explicitly stated purpose for it, and this data must be secured against theft and loss. You must meet at least one of the conditions below before you record information:
- the person whose data is processed has given permission for this
- the data processing is necessary for the execution of a legal obligation (for example the data that the tax authorities register for the taxation)
- the processing is necessary for proper fulfillment of a public-law task (for municipalities, for example)
- the processing of data is necessary for the representation of a legitimate interest (for example if it is necessary for proper business operations), unless the interest of the person involved weighs more heavily. For example, this provision includes the execution of a direct mail action.
Make sure you also have a good privacy statement, which indicates, among other things, in clear language which data you save and for what purpose. Describing this exactly is beyond the scope of this article, so we recommend contacting a trade association or an expert.
Under the previous legislation, sending newsletters to customers who had ordered something via a webshop was allowed. That changes, also with retroactive effect. From 25 May it is only allowed to send newsletters if you have received explicit permission (for example because someone has ticked a checkbox), and you must also be able to show this afterwards, for example with the time and date and the text of the checkbox together with the e-mail address. There are a few exceptions to this, so look carefully at your specific situation and decide together with an expert whether changes are needed, and which ones.
Sufficient security mandatory
An example of adequate security is keeping software up to date so that it has no (known) security vulnerabilities.
For example, if you have a contact form on your website or if personal data is exchanged, SSL encryption is a minimum requirement. A professional SSL certificate can be requested separately for your website via https://www.henselhosting.nl/ssl-certificaat-bestellen, or you can use the Control Panel on https://my.codeorange.co.th/ under the heading SSL Let’s Install Encrypt SSL.
Note: If you process personal data that is sensitive, such as medical information, the security requirements are stricter. For example, storing it in a database on shared hosting is no longer sufficient security.
If your data is managed or stored by a third party, you have to conclude a so-called processor agreement that sets out the responsibilities.
Soon we will make a general processor agreement available that you can sign as a company if, for example, you store data with us.
Note: This is only a personal interpretation of the current rules. We are not legal experts and we advise you to call in a specialist when in doubt.