Make your WordPress website AVG proof with this checklist

Written by Gijs de Rooij

Everyone who uses a website knows that privacy and the General Data Protection Regulation (AVG) are of great importance, and that applies just as much when you manage a website. You want to handle this carefully but may not know exactly where to start. In this blog we elaborate on the concept. After a brief explanation, 2manydots draws up a checklist in the form of a step-by-step plan. After completing these eight steps, your website will be fully AVG proof. If after reading this blog you still need a helping hand, 2manydots can help with its years of experience in this field.

What is AVG?

Organizations want to collect more data every year, but privacy is becoming increasingly important. People are increasingly questioning whether it is wise to leave personal data behind everywhere. The AVG law ensures that organizations no longer handle the data of their clients indiscriminately. The General Data Protection Regulation (AVG) is a privacy law that applies to the entire European Union. It has applied since May 25, 2018, replacing the Dutch Personal Data Protection Act (Wbp). With this privacy law, all personal data is protected and regulated in the same way across the EU. AVG is the Dutch abbreviation; in English the law is known as the General Data Protection Regulation (GDPR). Put simply, the AVG law states that you may only use personal data for a specific purpose. So don't just request personal data without a reason.

AVG website checklist

Now that you know what the AVG law is for, 2manydots explains how to comply with it effectively. The importance of this privacy law is not negligible. To help your organization get started in the best possible way, 2manydots has created a checklist.

1. Provide a clear privacy statement

As a website owner you are legally obliged to inform your visitors about the personal data your website collects. You must also state what you will do with this data. Do not draft this privacy statement using all kinds of difficult terms. It is written for the visitor, and he or she must be able to understand what happens to their data. So be transparent: state in your privacy statement which personal data you collect and for what purpose.

2. Install Cookiebot

Cookies have become an integral part of the online scene in recent years. With cookies you can distinguish between users of your website. The AVG law now obliges you to ask explicit permission before placing cookies, by means of a cookie statement. To make this easy, Cookiebot has been developed. 2manydots has been using Cookiebot for years and also installs it at clients. Besides the fact that Cookiebot complies with the AVG law, the layout of this form of cookie statement looks nice and is very dynamic. But the great convenience of Cookiebot lies in the scan that it performs periodically. With this scan you can see exactly which cookies your website sets, so you can check that the cookie statement still matches reality.

3. SSL or TLS certificate

This AVG term sounds very complicated, but such a certificate simply makes sure that nobody can read along with the traffic between the visitor and your server. With an SSL (nowadays TLS) certificate the web traffic between the visitor's browser and the web server is encrypted. An encrypted connection is easily recognized by https://; that final "s" is the important part. If the address starts with only http://, the connection is not encrypted. Also make sure that http:// requests are redirected to https://, otherwise some visitors will still send their data unencrypted. This certificate is particularly important if your website has a contact form where visitors leave personal data.

4. Forms and accounts

Make sure at all times that you only ask for the data that is strictly necessary; the AVG law requires this. It regularly happens that contact forms contain questions the website owner does nothing with. This does not benefit your organization, it does not make the contact form any more user friendly, and you run an unnecessary risk of personal data leaks. This core rule (data minimization) is laid down in the AVG law. So check your contact forms for unnecessary questions. In addition, submitted personal data may not be stored longer than necessary. Therefore, pay attention to the retention period of stored form submissions.

5. Opt-in & opt-out according to the AVG

A visitor to your website does not have to agree to give you (all) personal data. If the visitor indicates that he does not want to leave any personal data, the organization must remove it immediately according to the AVG law. The same applies to, for example, a newsletter that your organization sends out. Visitors should have the option to sign up for a monthly newsletter. But it is just as important that a visitor who no longer wants to receive the newsletter can unsubscribe. This unsubscribe link or button should always be clearly visible. However much you want your visitors to subscribe to your newsletter, privacy and the preference of your visitors always come first.

6. Run down who can log in

An account is created for each employee within an organization. Logical, because these employees need to be able to work in the system to make adjustments. The accounts that can log into your website are also the accounts that can view personal data. When an employee leaves after years of service, you often see that the account of that employee remains. The former employee can then, without being employed by your organization, still access the personal data of, for example, customers. So always check who can currently log into your website; in WordPress you can see this under Users in the dashboard. Are there any accounts among them that no longer have anything to do with your organization? Delete these accounts immediately, so that you always know who has access to personal data.

7. Set up Google Analytics properly

Google Analytics is a very useful tool to view data about your website. However, Google Analytics also collects personal data. For Google Analytics to comply with the AVG law, some settings need to be adjusted.

Don't let Google process full IP addresses: have the last part of the IP address removed before it is stored in Google Analytics. You can do this easily by adding a single line (the IP anonymization setting) to your tracking code. Also, do not share your data with Google. You can prevent this by disabling the 'share your data with Google' options in the account settings of Google Analytics. Also, disable the User ID feature in Google Analytics. Finally, disable the 'share data for advertising purposes' option as well. Turning this off prevents personal data from ending up with third parties.
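As an added illustration (not code from the original post), the snippet below shows the one-line setting the author refers to and reproduces Google's documented IP anonymization rule, so you can see exactly which part of an address is dropped before it is stored. The tracking id in the comment is a placeholder.

```javascript
// Added example, not from the original post.
// The one-line setting in the tracking snippet, as documented by Google:
//   analytics.js:  ga('set', 'anonymizeIp', true);
//   gtag.js:       gtag('config', 'UA-XXXXXXXX-X', { anonymize_ip: true });  // placeholder id
//
// Google's documented behaviour with that setting: the last octet of an IPv4
// address and the last 80 bits of an IPv6 address are set to zero before the
// address is stored. This function reproduces that rule on a single address.
function anonymizeIp(ip) {
  if (ip.includes(':')) {
    // IPv6: expand "::" to a full 8 hextets, keep the first 3 (48 bits), zero the rest.
    const [head, tail = ''] = ip.split('::');
    const h = head ? head.split(':') : [];
    const t = tail ? tail.split(':') : [];
    const missing = 8 - h.length - t.length;
    if (missing < 0) throw new Error('not an IPv6 address: ' + ip);
    const hextets = [...h, ...Array(missing).fill('0'), ...t]
      .map(x => parseInt(x, 16).toString(16));  // normalise, e.g. "0db8" -> "db8"
    return hextets.slice(0, 3).concat(Array(5).fill('0')).join(':');
  }
  // IPv4: zero the last octet.
  const octets = ip.split('.');
  if (octets.length !== 4) throw new Error('not an IPv4 address: ' + ip);
  octets[3] = '0';
  return octets.join('.');
}

// Constructed sample addresses (documentation ranges, not real visitors).
const samples = ['203.0.113.42', '2001:db8:85a3::8a2e:370:7334', '::1'];
for (const ip of samples) {
  console.log(ip, '->', anonymizeIp(ip));
}
```

The retained part still identifies a network, not a person, which is why the Dutch regulator treats this setting as one of the required Analytics adjustments.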

8. Check settings of WordPress plugins

WordPress is a widely used CMS; 2manydots uses it as well. For the AVG law, however, it is important to configure the various WordPress plugins correctly. Your website most likely uses several WordPress plugins. Our tip is to carefully check all your installed plugins. On the developer's website you can find out whether the plugin in question complies with the AVG law. If not, the plugin probably asks for too much (often unnecessary) personal data. It is then advisable to consider whether the plugin adds enough value. If not, deactivate and remove the WordPress plugin, and you will not run into trouble with the AVG law.

Need help making your WordPress website privacy proof?

Even though the AVG law has been in force since May 25, 2018, it is never too late for website owners to make a good start or to check their current settings. After reading this blog, you have an idea of what the AVG law is and how important it is for your business and clients. By following these eight steps you will significantly improve the protection of personal data. Would your organization like help with this, or do you simply want assurance that personal data is properly protected? Then call in 2manydots. With years of experience and the expertise of professionals, together we ensure that your website is user friendly and, above all, safe.
