GDPR Compliance Deadline – 6th October 2020

Following from the European GDPR regulations which came into force 25th May an important deadline is upcoming for companies (Data controllers) to be compliant with the Data Protection Act. There was some time set aside to allow companies to get ready for this change but the final deadline is 6th October 2020.  There are lots of technical and legal implications so we will try to simplify the important details as follows :-

As a website owner what do I need to know ?

In order to fully comply with GDPR visitors arriving at websites must be given the option to specify how they will experience and be tracked while using the website. This has to be clear, comprehensive and as user friendly as possible.

The usual method to achieve this is via “Cookies” which are small pieces of code which are downloaded on your computer the first time you visit a website.

Cookies can have a variety of purposes :-

  • Necessary – They are required to allow the website to actually work in the way it was designed.
  • Preference – They may save some of the preferences that you set on the screen so you don’t have to set them each time you come back to the website.
  • Statistical – They may record data like visitor clicks and pages visited so website owners can analyse how their websites are being used.
  • Marketing – They may capture data on items or adverts that visitors have interacted with so that it can used as marketing campaigns on this or other websites.

So what’s the problem with Cookies?

Nothing – as long as the visitor knows that these cookies are being downloaded onto their computer and has explicitly agreed to it. But if that consent is assumed, inferred or nudged then technically you as the website owner are in breach of the GDPR Act 2018. As the website owner you may not actually be doing anything with the data but you have a responsibility as you may be allowing 3rd party companies to access that data via the Cookies who may use it, sell it or even have it misused.

But I have a Cookies Notice on my website – isn’t that ok?

Probably not – The “cookie consent” mechanism has evolved alot since 2018 and its no longer sufficient just to have a pop up box or banner on the screen telling visitors your site uses cookies. The consent must be :-

  • Clear and Comprehensive
  • Prominent and Easily Accessible
  • Outline the purposes of processing the information

It should also allow the visitor to review the cookie consent they have already agreed to and withdraw it quick and easily if they so choose to – just like the one below.

Cookie Preferences

I am only a small company – nobody will notice right?

Wrong – the Data Protection Commissioner for Ireland has already carried out an initial inspection of 40 companies in Ireland and activities to expand on website audits will be expanding post the deadline on 6th October 2020.

What do I do to make sure my website is compliant?

  • Get a review of your website by someone who know the GDPR Requirements
  • Install a Cookie Management Platform
  • Update your Cookie Policy to reflect the Cookies that in use on your website

Need expert GDPR advice?

Talk to John Nealon on www.dataprotectionservice.ie who can perform independent website cookie and tracking reviews.

Need to get your website GDPR compliant ?

Contact Us about implementing a Cookie Management Platform to keep you compliant.