GDPR and Cookies: A Short and Sweet Guide to Being Compliant
When you think of GDPR, you may think of complications, annoying pop-ups and stress. But by jumping through a couple of flaming hoops you can get on top of this checklist and make sure you’re covering yourself. Luckily, here at Kooba we’re pretty flame-resistant, so we can help advise you through this tricky process (alongside the guidance of your legal team). And you will want to get on top of it: if you’re not compliant with these regulations you could face a fine of up to 20 million euro. So no, not exactly pocket change.
So what is GDPR?
GDPR is a set of data privacy laws that governs how we collect the personal data of people who live in the EU. Visitors to a site must give explicit consent to their personal data being collected. But it goes beyond that: GDPR is not limited to identifiers like IP address and location. The law also covers sensitive categories such as racial or ethnic data, political opinions and sexual orientation. So now you’re in the know.
These stipulations have created a remarkable design challenge: building better, clearer interfaces that make navigating privacy easier for users. Too often privacy settings are hidden deep inside applications where no one can find them, and the policies are dense texts of complicated jargon that intimidate even the legal department. To gain the user’s trust, it is vital to be as transparent and simple as possible when communicating this information.
This work needs to happen during the design process. It is typical to wait until the build phase; however, before getting into implementation and the ad-tech behind your business model, you need to have these conversations much earlier, in your ideation phase. That means GDPR is on the table during brainstorming – similar to how healthcare products are built around regulations like HIPAA from the beginning.
As suggested, full GDPR compliance means more than adding a cookie consent pop-up to a website. To be 100% sure that a site complies with the regulations, a number of steps must be taken. Read through the essential technical requirements below, which we can help you with:
Opt-ins
Any form that invites users to share information must actively require an opt-in. Users must tick the boxes themselves; the options must not be preselected. This active opt-in rule applies to cookie consent and to subscriptions to mailing lists and notifications. Separate tick boxes must be provided for different types of consent as well: phone contact, email, each communication method requires its own confirmation. And if you are passing that data to third parties, each of those parties must be listed for separate consent. It’s long, but necessary.
Cookie consent
There’s no getting around it: cookie consent cannot be implied or gained by a failure to opt out. Instead, the user must be specifically asked for permission to store cookies on their computer. How a website uses cookies should also be detailed in the privacy policy, and even cookies set by anonymous tracking software, like Google Analytics, should be mentioned there. Whatever you do, don’t be a cookie monster: do the right thing and be upfront and clear about your cookie policy.
IP tracking
The IP (Internet Protocol) address of a computer is personal information under GDPR, so if a site collects and stores IP addresses, this must be stated. Some third-party plugins and apps installed on your website may collect IP addresses, and sometimes visitors’ IP addresses are simply logged. Watch out for this too: it will need to be disclosed in the privacy policy.
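The opt-in and cookie consent rules above, written out as an added JavaScript example (our own illustration, not code from the original article or from Kooba): every purpose starts unset, pre-ticked defaults are rejected, only an explicit tick counts as consent, and cookie-setting scripts are unlocked only for the purposes the user actually chose. The purpose names and the partner entry are assumptions; a real form lists each actual purpose and each third party.

```javascript
// Added example, not Kooba's code. Purpose names are illustrative
// assumptions; a real form lists every actual purpose and third party.
const PURPOSES = [
  'cookies_analytics',    // e.g. an anonymous analytics tool that sets cookies
  'contact_email',        // mailing list
  'contact_phone',        // phone contact
  'share_with_partner_a', // one entry per third party the data is passed to
];

// Every purpose starts unset (null): nothing is pre-ticked and nothing is
// assumed from silence.
function newConsentRecord() {
  const purposes = {};
  for (const p of PURPOSES) purposes[p] = null;
  return { purposes, recordedAt: null };
}

// Guard for a form's initial state: throws if any option is preselected,
// so a pre-ticked checkbox cannot ship by accident.
function assertNoPreselection(defaults) {
  for (const p of PURPOSES) {
    if (defaults[p] === true) throw new Error(`"${p}" must not be pre-ticked`);
  }
  return true;
}

// Apply a submitted form. `fields` maps purpose -> checkbox.checked.
// Only an explicit boolean true is consent; a missing field, a string such
// as "on", or anything else is recorded as "not given".
function recordChoices(record, fields, recordedAt) {
  const purposes = {};
  for (const p of PURPOSES) purposes[p] = fields[p] === true;
  return { purposes, recordedAt };
}

// The only question the rest of the site should ask. Unset, false and
// unknown purposes all answer "no", so failing to opt out never becomes consent.
function isAllowed(record, purpose) {
  return record.purposes[purpose] === true;
}

// Purposes whose scripts (analytics cookies, partner tags, ...) may be loaded.
// Anything not in this list must not set a cookie or receive the data.
function unlockedPurposes(record) {
  return PURPOSES.filter((p) => isAllowed(record, p));
}
```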
So there’s a lot in it, but our team is knowledgeable about GDPR and cookies. Privacy is central to the web design process, and here at Kooba we incorporate GDPR messaging on a new level, so that it’s not a hindrance to the website but is skillfully integrated into the site: doing what design does best, solving a problem in an aesthetically pleasing way.
If you want the most effective website, establish trust between the site and the user – this can only be done if user privacy is respected. When designing for GDPR, ask yourself: how can I strike the balance between easy, enjoyable UX and privacy compliance? How do I respect my user throughout their experience, privacy included?
Even though it is time-consuming, creating a well-designed website that is clear, transparent and breeds trust and good UX will be worth it. In the long run it’ll be good for users and even better for your business. So once you’ve spoken to your legal team, we’d love to work with you to design for privacy compliance.