You might have heard about GDPR, but you no doubt have questions about what it is and what it means for your business. Don’t panic! As website owners it’s important that you’re able to comply with the new EU regulations and at POWr we’re committed to helping you get ready.
Please note that this article doesn’t constitute legal advice (we’ll leave that to the lawyers), but we’ll help you break down what GDPR is and what you need to think about for your business. If you have any doubts about the information provided, we recommend seeking professional legal advice.
What is GDPR?
It stands for the EU General Data Protection Regulation (GDPR). In a nutshell, it’s a new data protection law, coming into effect on May 25, 2018, that strengthens the protection of personal data and the rights of the individual concerning privacy and consent for EU citizens.
Has POWr prepared for GDPR?
Does GDPR apply to me?
Put simply, GDPR affects you if you have a website that stores, processes and tracks personal data (this includes first and last names, location data, email address, cookie IDs, among other things). If you collect any of this information on your website, through a contact form, comments section, newsletter subscription popup, or any other method, you will be affected by GDPR.
The first step is to review your website to determine if you collect any personal information. Then, think about your relationship with your customer.
GDPR defines two different relationships: Data Controller and Data Processor.
POWr acts as a Data Controller in its direct relationship with you as a customer when it comes to the information you give us directly (such as your sign up information, billing information etc.). If you are collecting information from your own customers (e.g. through a contact form, order form, etc.) you are acting as a Data Controller also. In this respect POWr and you, the plugin creator, are considered as separate and independent Data Controllers under EU law. You are therefore responsible for the personal information you process while using POWr’s services.
The service POWr provides to you is as a Data Processor. We process and store information on your behalf. How you use and protect that information is up to you and it’s your responsibility to ensure that you’re compliant with GDPR. You can find more information in our Help article.
How can I be compliant with GDPR?
2. Get consent from your visitors to use their data. While there are many ways in which you can legally control and process your site visitors’ information, getting explicit consent is arguably the most foolproof. This could be in the form of an opt-in checkbox in a form or popup, for example, that gets their permission for you to use their information for a defined purpose. Simply adding a sentence next to your ‘Subscribe’ button doesn’t cut it though, as this is only implied consent. Full information on what is required can be found here.
3. Make sure that your website and any third party tools and plugins you use are GDPR compliant. If you’re not sure, the best thing to do is to contact your website platform or tool provider directly and seek expert legal advice.
The good news for POWr users is that we’ve made it easy for you to be compliant when collecting information from your customers with the new ‘GDPR Compliance’ element in POWr Form Builder.
What is the new POWr GDPR Form element?
It’s an element that you can easily add to your POWr forms that enables you to be compliant with GDPR when collecting personal data from your site visitors. This is available on the Starter, Pro and Business plans.
You’ll find it in the list of elements you can add to your form:
Click on the ‘GDPR Compliance’ element to add it to your form. Once you've added the element, we've already done the hard work and created compliant text you can use. Of course it’s all fully customizable, so you can edit the content to suit your business needs:
You can then access all this information in your Responses Dashboard:
You’ll be able to see the time, date and country of every submission you receive, so you know if the user is in the EU (which means they’re protected by GDPR). You’ll also be able to see the permissions they’ve given you. If a user contacts you to request that you delete any data you have on them, you can be confident that you can be compliant with GDPR and simply press the delete button on the right-hand side in your Responses Dashboard.
To help you even further with compliance, if you’re using the Customer Confirmation Email feature in POWr Form Builder and your user does not check the ‘Email’ permission checkbox in your form, you can rest assured that the automated response will not be sent to them.
To summarize, POWr Form Builder will allow you to handle email opt-ins in a GDPR-compliant way by providing:
- An opt-in timestamp
- The user’s locale
- The user’s selected permissions
- Automatic exclusion of users who haven’t opted in to emails from receiving automated Customer Confirmation Emails
- A quick and easy way of handling data deletion requests at the click of a button in your Responses Dashboard within your personal POWr Account
At POWr we’re fully committed to protecting the privacy and security of your data, as well as helping your business achieve its goals, which includes being compliant with GDPR. You can find the full GDPR text here, but if you have any questions or concerns about POWr and our plugins in relation to GDPR, please feel free to leave us a comment or reach out.