LEGAL OBLIGATIONS + PRIVACY LAWS PUNCH LIST
This infographic from the European Commission is a great summary, also check out: Squarespace and Privacy.
Effective 25th May 2018, the European Commission approved a new General Data Protection Regulation. The GDPR states that if a website collects or stores data related to an EU citizen, you must comply with the following:
Tell the user who you are, why you collect the data, and how long it will be stored.
Get clear consent before collecting any data.
Give users the ability to have their data removed.
Let users know if data breaches occur.
Elect a Data Protection Officer who will be responsible for managing the personal data collected.
Conduct a personal data audit and decide what is necessary for your business.
Do you collect personal data on your site using third-party services? Read their privacy policies (Google Analytics and AdWords, Social Media, Affiliate Links, iTunes, Patreon, PayPal, Disqus, Acuity).
Do you download or export data from your site into another system?
Are you gathering information you don’t need?
Create a Data Map to document the legal basis for all of the data processed. Example: Data Map.
Get DPA contracts with all 3rd party services. Example: DPA Contract.
Place a visible and clearly stated Cookie Notification with an opt-out option on your website.
Double opt-in is required for mailing lists. Reconfirm existing mailing list if needed.
Customer Terms and Conditions tailored to your business type (original content, online shop, services for sale, blog comments).
Client Contract if needed.
Back of house page with Data Map and DPA Contracts.
Cookie Banner best practice: Restrict analytics cookies unless the visitor opts in.
Newsletter best practice: Double opt-in is required; reconfirm existing mailing list if needed.
Squarespace Analytics: Disable Squarespace Activity Log.
Change site to HTTPS.