Where can I get legal pages for a site to conform to GDPR laws and Google's requirements for a site?

34 replies
Well, I know this is a longshot, but I don't know what to do here. I have a website that I've been working on for over a year for a business owner. This site will be selling physical products worldwide, and I was planning on having an email capture form on the site to build an email list. It is right now ready to launch, and I have to address the Privacy Policy and Terms of Service. I have just recently found out about the GDPR laws coming into effect this month.

I was using the Auto Privacy Policy and Terms of Service wordpress plugin, thinking that would cover the site. It appears to me that it will not come close to making the site compliant. The proper thing to do would be to contact an internet attorney and spend a small fortune having legal pages written up, but that is not an option for me. So I find myself in the same boat that everyone else is in, which I can't seem to find a solution for. On top of the GDPR laws coming into effect, I saw in my Adwords account where Google requires you to have a Privacy Policy in place that satisfies their requirements, and apparently there are additional things you have to have in your Privacy Policy to meet their requirements for retargeting.

Since these laws and requirements affect basically everyone with a website, does anyone have a solution in place for this? Does anyone know of anything that I can buy that is affordable which would consist of legal pages that can be easily modified to satisfy all these requirements? If not, does anyone have any ideas on how to proceed with this for the little guys out here that don't have thousands of dollars to pay an internet attorney?
#conform #gdpr #google #laws #legal #pages #requirements #site
  • Profile picture of the author Sid Hale
    Are you sure that compliance is even necessary for the business owner?

    What personally identifiable information is collected/stored on the site? Facebook and Google (because they both collect and store personally identifiable information for the purpose of building advertising profiles) definitely face compliance issues - but you (or the site owner) may not have any liability at all.

    If you DO collect and store personally identifiable information from your site visitors then you probably have a much bigger problem than just modification of the Privacy Statement on that site.

    All personally identifiable information must be encrypted prior to storage, and you need a way to decrypt that same information when it is retrieved from storage (i.e. your database) for any manipulation or display back to the user (either on page or via email).
    Signature

    Sid Hale
    Coming Soon... Rapid Action Profits (Pro)

    {{ DiscussionBoard.errors[11358678].message }}
    • Profile picture of the author spider222
      Originally Posted by Sid Hale View Post

      Are you sure that compliance is even necessary for the business owner?

      What personally identifiable information is collected/stored on the site? Facebook and Google (because they both collect and store personally identifiable information for the purpose of building advertising profiles) definitely face compliance issues - but you (or the site owner) may not have any liability at all.

      If you DO collect and store personally identifiable information from your site visitors then you probably have a much bigger problem than just modification of the Privacy Statement on that site.

      All personally identifiable information must be encrypted prior to storage, and you need a way to decrypt that same information when it is retrieved from storage (i.e. your database) for any manipulation or display back to the user (either on page or via email).
      Hi Sid,
      Thank you for your reply. I am planning on having an autoresponder on the site to collect names and email addresses. I was planning on using Trafficwave.net for that, so I may need to check with them and make sure their system is in compliance with any laws that will be taking effect.

      Other than that, I am using woocommerce to sell the products, so people will enter their name, email, address, and phone number for order processing, with payments taken through Paypal. Their name, address, email, and phone number will be submitted through woocommerce on the site though, which will show on orders in the backend of the site, will be printed on their invoices, and will be emailed to them in a receipt and also emailed to the site owner for order notification. There is also a contact page on the site which will collect their name and email if they fill out the form. I'm using the Contact Form 7 plugin for that form.

      Outside of those things, I will be using Google Analytics, and I was thinking about trying to do some retargeting options, which is new to me, but I noticed that Google requires you to select a box stating that you understand that you will notify customers of how you are using their data. I'd have to go back to that page and look at it to get a better understanding of what they are talking about, but for now I left that box unchecked until I can figure out how to proceed.

      Since making this post, I have seen that their are several Wordpress plugins that supposedly help you make your site GDPR compliant, but I don't know anything about them yet or exactly what they do to help you become compliant.

      I have taken the advice of Steve B and am looking at Autoweblaw.com, which helps you create legal documents that are written by an internet attorney. It looks to me to be well worth the money, provided it is up to date with current laws, but I don't think it would address the GDPR side of things.

      You mentioned that everything must be encrypted prior to storage in a database, and then decrypted when displayed on the page or in an email. I have an SSL certificate on the site, but outside of that what else could I do to encrypt the user information when they process an order? How would that apply in the process of how we would be using their information with orders or with emails?

      Thanks for your time. This whole situation has me quite concerned.
      {{ DiscussionBoard.errors[11358798].message }}
      • Profile picture of the author Sid Hale
        Let me begin by stating that I am not an attorney.

        I have, however, read up extensively on GDPR and think I have a pretty good understanding of the provisions that require special attention to insure compliance...

        Originally Posted by spider222 View Post

        Thank you for your reply. I am planning on having an autoresponder on the site to collect names and email addresses. I was planning on using Trafficwave.net for that, so I may need to check with them and make sure their system is in compliance with any laws that will be taking effect.
        If you are running an autoresponder script on the site, therefore collecting names/email addresses into a database on the site, you may need to encrypt that information as mentioned on my previous reply.

        HOWEVER, if you are simply using an opt-in form from an external autoresponder service (aweber, trafficwave.net, etc.), the service is storing the information in THEIR database, and bears the responsibility for encrypting any personally identifiable data. In this instance, you should provide a brief "privacy statement" directly under the optin form (i.e. "Your submitted information is protected and will not be shared or misused in any way")

        Originally Posted by spider222 View Post

        Other than that, I am using woocommerce to sell the products, so people will enter their name, email, address, and phone number for order processing, with payments taken through Paypal. Their name, address, email, and phone number will be submitted through woocommerce on the site though, which will show on orders in the backend of the site, will be printed on their invoices, and will be emailed to them in a receipt and also emailed to the site owner for order notification. There is also a contact page on the site which will collect their name and email if they fill out the form. I'm using the Contact Form 7 plugin for that form.
        Likewise, a 3rd party payment processor (i.e. Paypal) will store the personally identifiable information on their system and are responsible for maintaining sufficient privacy controls. However, if customer information is also collected by WooCommerce (and it probably is) it would be prudent to register your concerns with their helpdesk, as the WooCommerce script contains the code that currently records sales information on your site.

        If memory serves, information collected by the Contact Form 7 plugin is stored in your Wordpress database and is, therefore, your responsibility. While this is a free plugin... I believe that there is a support area where you can ask specific questions of the developer.

        Originally Posted by spider222 View Post

        You mentioned that everything must be encrypted prior to storage in a database, and then decrypted when displayed on the page or in an email. I have an SSL certificate on the site, but outside of that what else could I do to encrypt the user information when they process an order? How would that apply in the process of how we would be using their information with orders or with emails?
        SSL only encrypts information while it is in transit between the visitor's browser and your web server. That information is automatically decrypted before it is handled by your web site and/or written to your WP database. In other words, it has NO bearing on this issue, and does nothing to help you with GDPR compliance.
        Signature

        Sid Hale
        Coming Soon... Rapid Action Profits (Pro)

        {{ DiscussionBoard.errors[11358822].message }}
        • Profile picture of the author spider222
          Thank you Sid for taking the time to provide such detailed answers to my questions. You have pointed me in the right direction of some things I need to do. Steve B has also pointed me in the right direction with legal forms, so much appreciation to both of you. I currently have multiple tabs open discussing how the GDPR affects Wordpress and Woocommerce sites, and it all seems overwhelming.

          I don't see too many people being able to figure out how to comply with all of their rules. Considering the potential consequences of non-compliance, it is quite scary. I know I'm in the same boat with literally millions of other people, and I can't help but wonder how many people are even aware of what is about to happen with all of this.
          {{ DiscussionBoard.errors[11358858].message }}
        • Profile picture of the author Ian Jackson
          Hi Sid, did your research (or your conclusions) suggest anything about list-sharing/swapping with regard to the following

          "Your submitted information is protected and will not be shared or misused in any way"


          My cautious guess is that it'd still be ok as it's just another promo platform,a nd would be adhereing to the same optin legalities/warnings/procedures as our own; if they were not, then one wouldn't exchange.

          Thanks
          Ian

          Originally Posted by Sid Hale View Post

          Let me begin by stating that I am not an attorney.

          I have, however, read up extensively on GDPR and think I have a pretty good understanding of the provisions that require special attention to insure compliance...



          If you are running an autoresponder script on the site, therefore collecting names/email addresses into a database on the site, you may need to encrypt that information as mentioned on my previous reply.

          HOWEVER, if you are simply using an opt-in form from an external autoresponder service (aweber, trafficwave.net, etc.), the service is storing the information in THEIR database, and bears the responsibility for encrypting any personally identifiable data. In this instance, you should provide a brief "privacy statement" directly under the optin form (i.e. "Your submitted information is protected and will not be shared or misused in any way")



          Likewise, a 3rd party payment processor (i.e. Paypal) will store the personally identifiable information on their system and are responsible for maintaining sufficient privacy controls. However, if customer information is also collected by WooCommerce (and it probably is) it would be prudent to register your concerns with their helpdesk, as the WooCommerce script contains the code that currently records sales information on your site.

          If memory serves, information collected by the Contact Form 7 plugin is stored in your Wordpress database and is, therefore, your responsibility. While this is a free plugin... I believe that there is a support area where you can ask specific questions of the developer.



          SSL only encrypts information while it is in transit between the visitor's browser and your web server. That information is automatically decrypted before it is handled by your web site and/or written to your WP database. In other words, it has NO bearing on this issue, and does nothing to help you with GDPR compliance.
          {{ DiscussionBoard.errors[11359528].message }}
  • Profile picture of the author Steve B
    Originally Posted by spider222 View Post

    . . . does anyone have any ideas on how to proceed with this for the little guys out here that don't have thousands of dollars to pay an internet attorney?

    Spider,

    Internet marketer Armand Morin used to sell a product which generated policies and terms of service for Internet marketers. I don't know if it's still available or not - but you might try Googling "autoweblaw" - as I recall it was about $150. Not cheap, but it's better than thousands. Of course, the best solution is to talk to your own attorney who deals in Internet law.

    Good luck,

    Steve
    Signature

    Steve Browne, online business strategies, tips, guidance, and resources
    SteveBrowneDirect

    {{ DiscussionBoard.errors[11358732].message }}
    • Profile picture of the author spider222
      Originally Posted by Steve B View Post

      Spider,

      Internet marketer Armand Morin used to sell a product which generated policies and terms of service for Internet marketers. I don't know if it's still available or not - but you might try Googling "autoweblaw" - as I recall it was about $150. Not cheap, but it's better than thousands. Of course, the best solution is to talk to your own attorney who deals in Internet law.

      Good luck,

      Steve
      Thank you Steve for taking the time to reply and for your suggestion. I am checking that out now at autoweblaw.com. It looks like it may be a good option to at least cover most things, although I don't think it will address the GDPR laws. It may be a start in the right direction though.
      {{ DiscussionBoard.errors[11358799].message }}
  • Profile picture of the author IGotMine
    I was planning on using Trafficwave.net for that,
    I would strongly recommend you use most any other AR. TW is the worst as far as UI.

    If Aweber, Getrepsone, etc. were smartphones, TW would be an old connected-to-the-wall rotary dialer.
    Signature
    $1 Billion Free Traffic Loophole - 10 Done For You Free Traffic Software Tools
    Get FREE Traffic Right Now! >>>
    {{ DiscussionBoard.errors[11359105].message }}
    • Profile picture of the author spider222
      Originally Posted by IGotMine View Post

      I would strongly recommend you use most any other AR. TW is the worst as far as UI.

      If Aweber, Getrepsone, etc. were smartphones, TW would be an old connected-to-the-wall rotary dialer.
      Thank you. I"m just curious, when you say UI do you mean User Interface? I signed up with them because you can have an unlimited number of subscribers for $17.95/month. I was under the impression that their emails had a good reputation for being delivered, and I haven't heard anything bad about them, but I'm not an email expert by any means.
      {{ DiscussionBoard.errors[11359144].message }}
  • Profile picture of the author DIABL0
    [DELETED]
    {{ DiscussionBoard.errors[11359137].message }}
  • Profile picture of the author IGotMine
    when you say UI do you mean User Interface?
    Yes.

    I haven't heard anything bad about them
    Outdated, difficult to use, horrible support...need I go on?
    Signature
    $1 Billion Free Traffic Loophole - 10 Done For You Free Traffic Software Tools
    Get FREE Traffic Right Now! >>>
    {{ DiscussionBoard.errors[11359160].message }}
  • Profile picture of the author DIABL0
    I found this which appears to provide a free account and be GDPR compliant.

    https://www.iubenda.com/en/

    It does say the free account has some limitations. I sent a message to find out what the difference is for free VS paid and to make 100% sure it covers GDPR.

    Even if for some reason you need a paid account, it is only $27 per year. Which cheap compared to generators I found on the web.

    I will update post once they respond to my message.



    I also found this site that has a free GDPR generator. The problem is that I can't get it to display in English, even though there is an English option. Appears that the site is German. If you can read it, it could work for you.

    https://dsgvo-muster-datenschutzerkl...tz.de/?lang=en

    I found this privacy policy generated using it.

    GDPR Privacy Policy - Amy Faith Photography


    I also found a free GDPR template. But it is pretty confusing if you don't understand all the terminology.

    https://seqlegal.com/free-legal-docu...privacy-policy
    Signature
    How to Build LARGE EMAIL LISTS on a Budget and MONETIZE Like a PRO
    18 Years Exp . . . . . . . . . . . . Email - CPA - PPL
    {{ DiscussionBoard.errors[11359532].message }}
    • Profile picture of the author spider222
      Originally Posted by DIABL0 View Post

      I found this which appears to provide a free account and be GDPR compliant.

      https://www.iubenda.com/en/

      It does say the free account has some limitations. I sent a message to find out what the difference is for free VS paid and to make 100% sure it covers GDPR.

      Even if for some reason you need a paid account, it is only $27 per year. Which cheap compared to generators I found on the web.

      I will update post once they respond to my message.



      I also found this site that has a free GDPR generator. The problem is that I can't get it to display in English, even though there is an English option. Appears that the site is German. If you can read it, it could work for you.

      https://dsgvo-muster-datenschutzerkl...tz.de/?lang=en

      I found this privacy policy generated using it.

      GDPR Privacy Policy - Amy Faith Photography


      I also found a free GDPR template. But it is pretty confusing if you don't understand all the terminology.

      https://seqlegal.com/free-legal-docu...privacy-policy
      Thank you Diablo for your efforts to find available solutions. I'll look into these as well. Right now I'm so overwhelmed with all of this. The legal forms are just one small aspect of being compliant with these laws. With my site being a woocommerce site, the things required to become compliant are literally very scary. One mistake and your life could be ruined. It's like they expect every website owner to have a team of lawyers and a dedicated Data Management Team. This is a nightmare.
      {{ DiscussionBoard.errors[11359545].message }}
      • Profile picture of the author DIABL0
        Originally Posted by spider222 View Post

        Thank you Diablo for your efforts to find available solutions. I'll look into these as well. Right now I'm so overwhelmed with all of this. The legal forms are just one small aspect of being compliant with these laws. With my site being a woocommerce site, the things required to become compliant are literally very scary. One mistake and your life could be ruined. It's like they expect every website owner to have a team of lawyers and a dedicated Data Management Team. This is a nightmare.
        I'm not sweating it. All my data is stored by ESPs that is EU.

        Data that I don't send via ESP is all US.
        Signature
        How to Build LARGE EMAIL LISTS on a Budget and MONETIZE Like a PRO
        18 Years Exp . . . . . . . . . . . . Email - CPA - PPL
        {{ DiscussionBoard.errors[11359551].message }}
  • Profile picture of the author agmccall
    I often wonder if people in the U.S. have to be compliant. I mean. I am a U.S. company located in the U.S. if anyone visits my site they are in essence leaving whatever country they reside in and engaging in commerce or whatever at my site in the U.S. Lets face it. If I have a store here in the U.S. and someone from England is visiting I do not have to conform to their laws only the ones in my local, state, and federal jurisdiction.

    al
    Signature

    It is true that money can not buy happiness, But it is more comfortable to cry in a Mercedes than on a bicycle

    {{ DiscussionBoard.errors[11359540].message }}
    • Profile picture of the author DIABL0
      Originally Posted by agmccall View Post

      I often wonder if people in the U.S. have to be compliant. I mean. I am a U.S. company located in the U.S. if anyone visits my site they are in essence leaving whatever country they reside in and engaging in commerce or whatever at my site in the U.S. Lets face it. If I have a store here in the U.S. and someone from England is visiting I do not have to conform to their laws only the ones in my local, state, and federal jurisdiction.

      al
      If you collect EU data you have to be compliant regardless where you are located.
      Signature
      How to Build LARGE EMAIL LISTS on a Budget and MONETIZE Like a PRO
      18 Years Exp . . . . . . . . . . . . Email - CPA - PPL
      {{ DiscussionBoard.errors[11359549].message }}
      • Profile picture of the author agmccall
        Originally Posted by DIABL0 View Post

        If you collect EU data you have to be compliant regardless where you are located.
        That is fine. I do not collect data anyway. My point was how can the EU enforce their laws on a U.S. Business as long as I am compliant with the laws where live.

        al
        Signature

        It is true that money can not buy happiness, But it is more comfortable to cry in a Mercedes than on a bicycle

        {{ DiscussionBoard.errors[11359639].message }}
  • Profile picture of the author JohnMcCabe
    Originally Posted by Ian Jackson View Post

    Hi Sid, did your research (or your conclusions) suggest anything about list-sharing/swapping with regard to the following

    "Your submitted information is protected and will not be shared or misused in any way"


    My cautious guess is that it'd still be ok as it's just another promo platform,a nd would be adhereing to the same optin legalities/warnings/procedures as our own; if they were not, then one wouldn't exchange.

    Thanks
    Ian
    You might want to take a second guess.

    Think about it. Saying that the list will not be shared, and then sharing it or swapping it (which is basically the same thing), is pretty much the textbook definition of "bald faced lie."

    Has nothing to do with GDPR and everything to do with basic honesty.
    {{ DiscussionBoard.errors[11359555].message }}
  • Profile picture of the author amuro
    You can get a free Wordpress plugin that you can search and add WP Legal Pages within your WP Dashboard.
    {{ DiscussionBoard.errors[11359794].message }}
    • Profile picture of the author OptedIn
      Originally Posted by amuro View Post

      You can get a free Wordpress plugin that you can search and add WP Legal Pages within your WP Dashboard.
      That product (I own it), last time I checked (very recently), was not updated to include the requirements stated by the OP.
      Signature

      "He not busy being born, is busy dying." - Bob Dylan • "I vibe with the light-dark point. Heavy." - Words that Bob Dylan wishes he had written.

      {{ DiscussionBoard.errors[11363253].message }}
  • This is the UK Information Commissioner Office site where much of the GDPR detail can be found: https://ico.org.uk/
    Also:
    https://ico.org.uk/for-organisations...dpr-resources/

    Note the EU (and most countries) have their own regulations
    {{ DiscussionBoard.errors[11359884].message }}
  • Profile picture of the author BeverlyTaylor
    This looks like it could be helpful:
    https://wordpress.org/plugins/wp-gdpr-compliance/

    I also got a quote for $200 from an online lawyer in another country (from Upwork).

    I'm also trying to figure out what I really have to do. I'm in US and don't overtly market outside the US, but as I'm on the internet, anyone around the world can subscribe or buy a product.

    But how can EU go after a US company in the US?
    Signature
    Join our affiliate program! Earn $400 or more for 1 sale! Lucrative commissions.
    http://www.warriorforum.com/affiliat...ffiliates.html
    {{ DiscussionBoard.errors[11360204].message }}
  • Profile picture of the author Net66
    You can use this free tool I created (no opt-in or jumping through hoops), just be sure to watch the video first in which I stress I AM NOT A LAWYER!

    https://pages.andybrocklehurst.com/legalpagemaker


    Hope that helps

    Andy
    Signature
    What I do - And How I do it. My Personal Blog...
    http://AndyBrocklehurst.com
    {{ DiscussionBoard.errors[11360573].message }}
  • Profile picture of the author JohnMcCabe
    How could the EU come after a US company?

    While it would take more time than I have right now to confirm, if I had to guess it would be similar to international copyright laws. In theory, the US would agree to enforce GDPR for US companies dealing with the EU.
    {{ DiscussionBoard.errors[11360657].message }}
  • Profile picture of the author BeverlyTaylor
    Hi all,
    I sent this email to my clients, in case any of you do website work. If you notice, I copied a bit from others above (thank you very much).

    Feel free to use any of my email if it helps for your clients. It doesn't look like I can post an attachment, so just do a search on: preparing-for-the-gdpr-12-steps.pdf

    -------------------------------------------------------------------------------

    The European Union has passed a law that is more restrictive to how you handle your subscribers' and customers' data.

    I am not a lawyer, so this is NOT legal advice. It's best to check with a lawyer, ESPECIALLY if you market to Europe. As our websites are open to the internet, that means anyone in Europe can subscribe to our emails or buy one of our online products. I don't know how the EU could possibly go after us, but who knows? Perhaps better safe than sorry. While it would take more time than I have right now to confirm, if I had to guess it would be similar to international copyright laws. In theory, the US would agree to enforce GDPR for US companies dealing with the EU.

    I've found some info that may help you.

    1) I've attached a document we found on the internet that summarizes GDPR.

    2) If you want a lawyer, I found a lawyer from Kenya on Upwork who has been very helpful and gave me the cheapest quote ($200) for one website.

    https://www.upwork.com/freelancers/~012226951bd485c932

    Hillary Muthomi

    This is what he told me:
    In your case and that of your clients, updating terms of use and privacy policy that is GDPR compliant is sufficient. You don't need to do more than that since that would regulate your web presence.

    3) Here is possibly the easiest way to do it (and free). He's not a lawyer. Watch his video first he said. It's free, but you can donate to him.

    https://pages.andybrocklehurst.com/legalpagemaker

    4) Here is a free Wordpress plugin that probably does the same as the website above:
    https://wordpress.org/plugins/wp-gdpr-compliance/

    Please note that if you want us to post the docs on your website, there would be a small fee. I haven't had time yet to figure that out, but it should be minimal. The easiest/cheapest way is for you to create a page in Wordpress, then copy in the info. If you already have Terms of Use and Privacy Policy pages, then just copy in the info from legalpagemaker and you don't need to involve us!

    There is a possibility that you will need to send an email to your subscribers telling them you have changed your privacy policy and terms of service. I haven't gotten that far to know if I need to do it or not. You probably have seen loads of companies emailing updated Privacy Policies. Most likely it's for GDPR.

    I am NOT an expert in this, so make sure you do your own due diligence. If you don't mind, please send me anything you have found.

    One more thing, by July, you will want to have a SSL Certificate. That means your website will be https and if you are currently using http you will then forward it to the https version. Google essentially will be requiring it by showing a not very nice page saying something like "this website is not secure". While I know most of your websites are secure, you will want to do this. Otherwise you will lose a lot of viewers/subscribers/buyers. You will need to purchase the SSL certificate from your domain provider. For GoDaddy, make sure you call their customer support. They often have sales. I was able to get a 50% off for 5 of my websites. Their normal price is $79. You may be able to get 30% off. Another way to get it is to call them and ask about it (but don't buy). Then you will get an email "how did we do?". Complete the quick survey. The email will give you a code that will give you probably 25% off. Then call back and buy the SSL Certificate. If you want us to do the work, I will be creating a quote.

    This legal stuff is not my favorite, but sometimes we have to deal with it. In both of these situations as far as I can see we will need to.
    Signature
    Join our affiliate program! Earn $400 or more for 1 sale! Lucrative commissions.
    http://www.warriorforum.com/affiliat...ffiliates.html
    {{ DiscussionBoard.errors[11360734].message }}
  • Profile picture of the author mostCPA
    For me, I wrote my legal pages of my website myself, so I suggest to learn that.
    {{ DiscussionBoard.errors[11361261].message }}
    • Profile picture of the author JohnMcCabe
      Originally Posted by mostCPA View Post

      For me, I wrote my legal pages of my website myself, so I suggest to learn that.
      There's an old saying in America...

      "Someone who represents themself in a legal matter has a fool for a client."
      {{ DiscussionBoard.errors[11362538].message }}
  • Profile picture of the author mostCPA
    the matter up to you, if you have suitable experience with legals issues, so I believe that you should build it yourself.
    {{ DiscussionBoard.errors[11362543].message }}
  • Profile picture of the author ctrlaltdel
    Hi,
    For the record I am not a lawyer but, as someone who lives in the UK and dealt with their strict data protection laws while working in IT for various companies including banks, just updating your Terms & conditions and Privacy policy pages is not sufficient.

    I believe the parts of the regulations that will affect most small businesses will be:

    All site visitors including returning visitors who previously accepted your T&C s MUST accept your new T&C's and Privacy policy.

    The right to be forgotten means if someone contacts you asking to be forgotten, you have to supply them with all the data you have on them and confirm you have deleted that data or have a good reason why you cannot. That includes blog posts and comments.

    The right to rectification means if they ask for something to be corrected even if only to correct their email address or a blog post you must comply and inform them you have complied.

    The GDPR regulations only recommend data encryption it is not compulsory but it would be foolish
    not to encrypt sensitive data such as credit card details etc.

    If you are aware of a data breach e.g. a website hack or that data has been stolen you are obliged to inform ALL your registered site visitors and the relevant Data Protection agency / government department in your country.

    I am sure if you put procedures in place to deal with these eventualities and keep a written record of them you will comply with the regulations.
    {{ DiscussionBoard.errors[11363085].message }}
    • Profile picture of the author spider222
      Originally Posted by ctrlaltdel View Post

      Hi,
      For the record I am not a lawyer but, as someone who lives in the UK and dealt with their strict data protection laws while working in IT for various companies including banks, just updating your Terms & conditions and Privacy policy pages is not sufficient.

      I believe the parts of the regulations that will affect most small businesses will be:

      All site visitors including returning visitors who previously accepted your T&C s MUST accept your new T&C's and Privacy policy.

      The right to be forgotten means if someone contacts you asking to be forgotten, you have to supply them with all the data you have on them and confirm you have deleted that data or have a good reason why you cannot. That includes blog posts and comments.

      The right to rectification means if they ask for something to be corrected even if only to correct their email address or a blog post you must comply and inform them you have complied.

      The GDPR regulations only recommend data encryption it is not compulsory but it would be foolish
      not to encrypt sensitive data such as credit card details etc.

      If you are aware of a data breach e.g. a website hack or that data has been stolen you are obliged to inform ALL your registered site visitors and the relevant Data Protection agency / government department in your country.

      I am sure if you put procedures in place to deal with these eventualities and keep a written record of them you will comply with the regulations.
      Thank you for taking the time to reply with great details. Since I made this post I have been studying every day on this subject trying to figure out exactly what I need to do. There is much to do for anyone who has a website, regardless of where you live. I've come to the conclusion that very few people are even remotely prepared for this.

      I'm sure that in time there will be steps laid out that will show someone specifically how to modify their website(s) and establish the systems necessary to be able to do all these things, but for now, it all seems very overwhelming.
      {{ DiscussionBoard.errors[11363115].message }}
  • Profile picture of the author arttse
    Hopefully this article articulates the new requirements.
    https://blog.aweber.com/email-market...g-debunked.htm
    {{ DiscussionBoard.errors[11363515].message }}
  • Profile picture of the author spearce000
    You can find some good "boilerplate" templates here https://termsfeed.com/ (not an affiliate link). They offer both free and paid-for versions.

    There's also some good information here: https://ico.org.uk/for-organisations...egulation-gdpr

    If you've already got a privacy policy, it probably just needs updating. I found the information on this site (https://www.econsultancy.com/blog/69...-with-examples) very helpful for updating mine.
    Signature
    WordPress Security Clampdown – was just for the War Room, now available to all Warriors. Protect your WordPress site from hackers. No opt-in required.
    {{ DiscussionBoard.errors[11363525].message }}
  • Profile picture of the author Glenn Newsome
    You may want to contact https://www.warriorforum.com/members/jscotttalbert.html

    He is a lawyer and a long time ago he had a WSO for website legal forms.

    Not sure if the forms or notices cover everything you need or updated.

    Worth checking into. Maybe you can even find old WSO.

    Glenn

    edit: here is his website and page with legal forms
    https://lawyer2warrior.com/products/
    Signature
    WSO Addicts Blog

    AKA "webnetincome" before the big name changes!
    {{ DiscussionBoard.errors[11390287].message }}

Trending Topics