The GDPR is European legislation that replaces the Dutch Personal Data Protection Act (WBP). It is the responsibility of all companies, institutions, clubs, etc., to comply with this law.
The GDPR doesn’t just add new rules—existing rules have also been tightened considerably. In the Netherlands, the handling of personal data was laid down in the Personal Data Protection Act (WBP), but there was no legislation for the entire European Union. With the GDPR (General Data Protection Regulation), the legislation is harmonized across all EU countries.
What does the GDPR mean for your website?
- A privacy statement if you collect personal data. Asking for an email address via a web form already counts as collecting personal data. Clearly state in the privacy statement how someone can request to see which information about them has been collected (right of access), with the option to amend or delete it (right to be forgotten).
- A secure connection (SSL certificate) if you process data. Speedymax Webdesign can install an SSL certificate for your website. A free SSL certificate is included with Speedymax Webdesign’s hosting package.
- If you request personal data, ask for as little as possible. Clearly state the purpose for which you request this data. Do you have multiple purposes? Then ask for consent per purpose. You can read more under “Privacy by default” and “What must website forms comply with for the GDPR” below.
- Do you use “non-functional cookies”? Then you must display a cookie notice to request consent. Additionally, explain in a cookie statement why you use cookies and what you do with them.
Privacy by default
Privacy by default can be seen as part of “privacy by design.” It obliges you to ensure that users who can send or share personal data via your website are, by default, protected and informed as well as possible. In short: it must be as privacy-friendly as possible. This means you clearly describe, for each purpose, how you will use the requested data and what you are asking consent for.
What must website forms comply with for the GDPR
Clearly state on the page what the form’s purpose is, using a clear heading. Examples of headings include: “Create account,” “Request a quote,” “Apply now,” or “Subscribe to newsletter.” These headings make the nature of the form clear. If your form has a single, clear purpose for which you use the personal data, then it is not necessary to request separate consent to process this data via a checkbox.
