All features and elements in the Editor are designed to enable you to gather, manage and delete visitor data in compliance with data privacy laws outlined in the General Data Protection Regulation (GDPR).
What is GDPR?
The GDPR is a European Union (EU) regulation aimed at strengthening the data protection of individuals (data subjects) within the EU. Its focus is to give data subjects more control and transparency over what data is collected about them online, and how and when it is collected. The GDPR came into effect on May 25, 2018. It applies not only to businesses located within the EU but also to businesses located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects.
GDPR and your website
The GDPR states that data subjects (website visitors) have four fundamental rights. Below, we've outlined what website owners need to think about in order to comply with these rights.
The right to transparency
There are five different channels through which user data can come into your website that you should be aware of:
When visitors submit contact forms on your website, they may be sending personal data which is being stored in the Editor.
There are three modules where user data can come in through forms to your website:
Read more about the modules by clicking the links above. If you have entered your email address in the Email Recipient field in the Form and Mailchimp Form modules, the submitted data will be sent to your email. Keep in mind that this means you will be keeping visitor data in your inbox. On the Form and Mailchimp Form modules, you can also enable Data Collection, which means that form data will be stored in CRM under 'Forms'.
On-Site Engagements are pop-up elements that can be set to appear on your website and allow for various types of visitor engagement. Three of these engagement types may involve the visitor submitting personal data:
Just like with the Form modules, you can add an opt-in option to your On-Site Engagements.
Read more about On-Site Engagements here.
If you have password protected pages or use the User Login module, users will have to sign up in order to access your site and may submit personal data in the process. This data is stored in CRM in the Editor.
If you have access to Blog, you can write blog posts and open them up to user comments. These user comments may contain visitors' personal data and are stored in the Editor under Blog.
Read more here (section 2).
If you have added E-commerce, you can take orders and accept payments. Those transactions contain personal data about the customers. Orders will go into Shop in the Editor, while anything related to credit card payments will be stored with the payment gateway and not in the Editor.
The right to consent and control
As a standard on the V5 platform, all websites are enabled with Google Analytics. Google’s compliance with GDPR is available on their website.
The following types of cookies are being set by default in the Editor from Google Analytics:
None of the cookies above store any personally identifiable information about visitors - their IP addresses are masked and, therefore, fully anonymized. The cookies are added to all websites created in the Editor and are necessary in order for the website to function and to supply visitor data on the Editor dashboard. For more information, please visit: https://developers.google.com/analytics/devguides/...
Other cookies used within the platform are based on sessions and are necessary in order to carry out and support basic website functions such as login, form submissions and maps. Just as with analytics, these cookies are not personally identifiable and are only session-based. In short, the cookies the Editor uses do not affect an SMB’s ability to comply with GDPR.
Social media opt-in
If you have social media share modules added to your website, for example the 'Facebook Like' module, you can enable a double opt-in functionality. This lets you ask your website visitors to consent to the module being displayed before they can start interacting with it. After they have toggled the button, they can click on the modules and perform actions. This way, you can clearly inform website visitors that if they interact with social media modules, they might be passing on information to third parties. Read more about setting up social media opt-in here.
The right to data portability
Visitors have the right to request an overview of all the data that they have submitted on your website. Using the Editor's User Data Report feature you can generate an overview of all data submitted by individual visitors. It collates all the data that you have on a specific visitor and allows you to export that data in a PDF file (that you could pass on to the visitor, if required).
The report contains data submitted through the following modules and features:
Read more about the User Data Report feature here.
The right to be forgotten
Visitors have the right to request the deletion of specific personal data that they have previously submitted on your website.
Here's an overview of where you can delete visitor data that you have previously collected: