If you’re like our team, you have a seemingly endless “to-do” list in order to get your firm prepared for General Data Protection Regulation (GDPR) compliance. One such consideration includes the assessment of your data collection, and whether your website (or third parties like Google Analytics) collects any personal data using forms or cookies.
Auditing Active Cookies on Your Site
In order to identify whether you’ll need to update your website’s forms, ask yourself:
- What information is being asked of the user?
- Is the information user-identifiable (first name, last name, email address, etc.)?
- Where is the information saved?
Then, you’ll need to identify how cookies are being used on the site. This can be done using Developer Tools in your browser. First, open Developer Tools; then browse to the home page of your website. There, you can see which cookies, including the name, value, domain and expiration date, are active on your home page.
Now that you have an inventory of all the cookies, you can review how the information is used and if there is user-identifiable data. This will help you work towards creating a data privacy plan that will lead your business towards GDPR compliance.
Knowing which cookies your firm is using is not enough to reach GDPR compliance. In fact, it’s essential to communicate with your users how their data is affected when interacting with your website. Those users need to:
- Be notified that the site is actively collecting their data
- How that data is being used
- Be given the ability to have it removed
Consider the Cookie Consent Box
Cookie consent can be completed in several ways, but one of the most common is through a notification box. You can create a custom consent box or use one of many third-party options that can be added to your site. However, third-party vendors often charge monthly to use their services.
The information you choose to communicate on your cookie consent is based on your firm’s approach to GDPR and data privacy and will vary from business to business. You may want to consider all the content you’d like to display, as well as UX best practices when choosing your consent box option.
Please note that One North is not a law firm nor a legal expert. We strongly recommend your legal team reviews the EU law to define your firm’s best course of action.
Interested in more on GDPR and Privacy Best Practices? Watch #1NWebinar: GDPR & Privacy Best Practices for Digital Marketers. If you’d like to discuss actionable next steps to make your digital assets compliant to the GDPR, learn more here.