First things first: What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation in European law on data protection and privacy for all individuals within the European Union. It also addresses using personal data in countries outside of the EU. This regulation aims to give control to citizens and residents over their personal data – that means some changes may need to be made to your website.
With GDPR, the concept of freely given, specific and informed consent is being strengthened. This means all businesses need to provide more transparency to their customers by letting them know how data is being collected, stored and used.
For more information, please visit the official EU GDPR page.
When will GDPR take place?
GDPR will go into effect on 25 May 2018.
What does this mean for your WebDirect website?
Transparency is key. All customers should be able to know what will happen to their data on your website. Here are some guidelines, tips and tricks to help you:
- If you choose to create your own policy, you will be responsible for managing all translations for languages on your website. If you do not add translations, your policy will appear in the language you have written it in.
- Cookies can be used to track any user. With GDPR, it is necessary to get consent from customers for these cookies.
- Every WebDirect website features a default cookie notice by BookingSuite. This notice is fully compliant with European GDPR (General Data Protection Regulation) legislation and is automatically translated into all languages available on your WebDirect website.
Ensure compliant contact forms
- In general, contact forms can collect a lot of personal information. Collect only the fields that you actually need for processing.
- Under this new regulation, it is your responsibility to protect any customer data you collect or process.
- WebDirect has created a consent tickbox which appears below your custom contact form(s) and states that the guest agrees to be entered into possible marketing campaigns by your property. This can also be changed to conform to local regulations.
- It is your responsibility to ensure that the consent tickbox on your website complies with the privacy laws in your country.
- A mandatory Captcha has also been implemented for all contact forms in WebDirect. A Captcha is a test used to determine whether a website’s user is in fact human, in order to restrict spamming.
Clean up your mailing lists
- If you are going to send emails to a mailing list, make sure to request a double opt-in (e.g. an email with a confirmation link) to ensure consent was obtained from your customers.
Control third-party apps
- Ensure that the third-party apps you’ve signed up for are also compliant. As a website owner, you are also responsible for third-party apps or services you choose to add to your site.
- If you are unsure whether they are compliant or not, contact them directly to check.
- If you use a third-party app that tracks your visitors’ cookies, it is your responsibility to clearly indicate this in your cookie notice.
What WebDirect does with your contact information
- You can hide or display your contact information. Please find instructions on how to do so here.
- Bear in mind that your email address will always be in your default privacy and cookie policies and reservation confirmation page, regardless of these settings.
What does GDPR mean for you?
Getting yourself compliant with GDPR is an important task. Following our suggestions can point you in the right direction. If you have any specific questions about your website regarding GDPR, it is highly recommended to seek professional advice.