General Data Protection Regulation GDPR Compliance

The most comprehensive GDPR compliance configuration, which will cover all aspects of the regulations for your website.

We have done the tedious work of going through the General Data Protection Regulation (GDPR) acts on online security.

It makes no difference whether you are running an existing website or building a brand new one, or whether it is a simple online business card for your company or a sophisticated e-commerce system based on a Content Management System.

It is compatible with all commonly used programmes, and we have made sure that even if you are using compromised programmes or themes, the data of your clients is protected well enough.

Disclaimer
This service is written in collaboration with a law agency. However, it does not constitute a client-lawyer relationship or personalized legal advice.

Detailed Features

Protect your business from fines of up to €20 million or 4% of global turnover, compensation claims for damages suffered, and reputational damage and loss of consumer trust.

Anonymising – Right to be forgotten

Easily accessible form for your users to request deletion of stored data.

Privacy by Design

Manage, encrypt and erase all users' data easily via your admin panel.

Terms & Privacy Pages

Set up redirects for your Terms and Conditions and Privacy Policy pages until consent is given

Geo-Location service

Hide GDPR from users outside of the European Union when Geo-Location is activated.

Personal Data Access

Dedicated form for your users to access currently stored personal data.

Services Consent

Consent integrations for the most popular services, such as eCommerce checkout, contact forms and newsletter sign-ups.

Breach Notification

Send global email notifications to all your users about a data breach, should one happen.

Additional Language Versions

Translations to all major European languages!

Pseudonymisation

Pseudonymise user data stored in the database: the user's personal data is moved to another location, separate from the rest of the user's general information, effectively making all of the user's information safe even in case of a breach.

Cookies Consent

Create a fully customisable box for Cookie Consent and block all cookies until cookie consent is given.

Data Portability

All user data can be easily exported to JSON format or text files, with an option to send it automatically via email.

Control All Cookies On Your Website

Lists all cookies used by your website and creates the required consents for them.

GDPR Legal Base
Original Consilium Europa Regulation Document | European Commission – Data Protection

Regulations excerpt

1. Personal Data Access

Article 30 (…) The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data (…)

2. Right To Be Forgotten

Recital 65 (…) The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay (…)

3. Cookie Consent

Article 4 (…) Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data. (…)

4. Terms & Conditions Pages

Recital 113 (…) The purpose of the processing shall be determined in that legal basis or, as regards the processing referred to in point (e) of paragraph 1, shall be necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. That legal basis may contain specific provisions to adapt the application of rules of this Regulation, inter alia: the general conditions governing the lawfulness of processing by the controller; the types of data which are subject to the processing; the data subjects concerned; the entities to, and the purposes for which, the personal data may be disclosed; the purpose limitation; storage periods; and processing operations and processing procedures, including measures to ensure lawful and fair processing such as those for other specific processing situations as provided for in Chapter IX. The Union or the Member State law shall meet an objective of public interest and be proportionate to the legitimate aim pursued. (…)

5. Services Consent

Recital 32 (…) 2. If the data subject’s consent is given in the context of a written declaration which also concerns other matters, the request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language. Any part of such a declaration which constitutes an infringement of this Regulation shall not be binding.

3. The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent. (…)

6. Breach Notification

Article 4 (…) 1. In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay. (…)

7. Pseudonymisation

Recital 29 (…) The protection of the rights and freedoms of natural persons with regard to the processing of personal data require that appropriate technical and organisational measures be taken to ensure that the requirements of this Regulation are met. In order to be able to demonstrate compliance with this Regulation, the controller should adopt internal policies and implement measures which meet in particular the principles of data protection by design and data protection by default. Such measures could consist, inter alia, of minimising the processing of personal data, pseudonymising personal data as soon as possible (…)

8. Data Portability

Article 20 (…) The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (…)

9. Privacy by Design

Article 25 (…) Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects. (…)