95% of Irish Websites are not Privacy Compliant: Build Trust with Transparency
Put another way, from a business and marketing perspective, customers or visitors to 38 out of 40 Irish websites* potentially cannot trust the organisation to treat their personal information with complete integrity and transparency. In reality, most organisations are blissfully unaware of this fact!
*Source: The Irish Data Protection Commission (DPC) carried out a review of 40 Irish websites and issued their Summary Findings Report - April 2020
Fines are on the horizon
As a result of these findings, the Data Protection Commission (DPC) is giving organisations until 6th October 2020 to comply with the ePrivacy regulations before they start issuing fines. Remember that your website is your shop window to your clients, visitors and of course the DPC.
So, let’s not wait for the DPC to fine you for non-compliance. Let’s start using GDPR & ePrivacy regulation as a business strategy to help build trust and brand loyalty with your customers and the community.
Two key principles
The two key principles that underpin GDPR & ePrivacy regulations are privacy by design & privacy by default. So, what are organisations missing from these principles when it comes to their website or online portal?
Basically, we must embed data privacy features from the project design stage ('privacy by design') and then apply 'privacy by default': give the website user a clear opportunity to provide 'permission' for their data to be processed, through a clear 'consent' or opt-in.
4 Steps to ensure your website follows the regulations
- Carry out a Cookie Audit to understand what is under the bonnet of your site
- Clearly define & document what is strictly necessary (functional) and non-functional
- Give a clear consent option for ALL non-functional cookies through your Cookie consent pop-up/banner
- Update your Cookie Policy accordingly – with cookie retention dates, etc.
Did you know…
- You must get permission for the processing of anonymised data, not just personal (identifiable) data, e.g. Google Analytics
- You cannot simply direct the user to their browser settings to "switch off" cookies
- You cannot depend on inferred consent if the user takes no action (e.g. "By continuing to use this site, you agree to our use of cookies")
- You cannot deploy cookies (e.g. chatbot) until you receive consent
- ePrivacy Cookies regulation relates to all devices connected to the internet (including IoT)
Trust & Transparency
Stand out from the crowd and demonstrate that your organisation is transparent and can be trusted.
Maeve Dunne, Data Protection Officer
Integrating privacy into your business and marketing strategy builds trust and loyalty for your brand. Maeve takes a common-sense approach to data protection regulation and provides clients with independent data protection officer support.