Compliance Changes for the new European General Data Protection Regulation (GDPR)

May 23 2018

You may notice that a new Cookie Consent notice appears at the top of your site today. This is a new requirement for compliance with GDPR, and we've added it to try to help your site be compliant.

As of May 25, 2018, websites that process Personally Identifying Information of European residents need to be compliant with the new GDPR rules (General Data Protection Regulation). There is still a lot of confusion (and hysteria) around the exact scope of this law. But over the coming weeks and months we will likely see the European Union audit larger sites, issue fines or perhaps graciously notify them how to fix mistakes if there was good faith. There will likely be court cases that challenge parts of the law (in Europe and in the U.S. where the EU has complicated authority to enforce their law against U.S. companies that don't do business in the EU). The scope and best practices will be clarified and we will need to make adjustments as necessary.

But the general consensus at this time is that every website around the world needs to be compliant if it has European visitors (because even IP addresses logged in your server logs have to be protected).

You may take this self-evaluation checklist to see if you are compliant, but we recommend you speak with a lawyer to understand exactly how the rules apply to you and make plans to be compliant.

WHAT IS GDPR?

GDPR is a complex set of European laws that govern how you gather, get consent, use, share, and protect personal information. These are honestly good "best practices" for respectfully treating your visitors and customers (e.g. do not share personal data without consent). Compliance with these rules also provides businesses with additional legal protection (e.g. you should have a Privacy Policy and be doing most of this already anyway). The U.S. has a patchwork of many similar state laws already, and may add their own federal rules soon as well, so it is good to get compliant now. The GDPR requirements are complex, but some of the main requirements are listed below (NOT EXHAUSTIVE).

REQUIREMENTS FOR YOUR ORGANIZATION

• Notify Authorities of Data Breach within 72 hours.
• Privacy Policy: Provide a link to a GDPR-compliant Privacy Policy.
• Cookie Consent Notification: Enable a cookie consent banner at the top of the site, which describes how cookies are used and gives users the option to opt-out.
• Data Usage Consent and Audit Trail: On all forms that collect data, there must be a clear statement about what the information will be used for and who (if any) it will be shared with.

RIGHTS OF THE VISITOR

• Right to be Forgotten: When requested, you will delete all of the user's data.
• Data Portability: When requested, you will provide a file with all of the user's data.
• Access: When requested, you will describe how data is stored and what third parties it is shared with.
• Rectification: When requested, you will correct the user's data.

STEPS TAKEN

• Updated Gutensite Privacy Policy. Gutensite has always protected your data in compliance with industry best practices and so we don't need to change our practices for GDPR, but we have updated our privacy policy to define key terms, and add language describing how we comply with GDPR.
• Updated Default Privacy Policy. Your website comes with a default privacy policy (which you may not have activated), which should be customized by you and your lawyer to properly describe how you collect, store, use and protect your users' data. We've updated the default policy, but you should also review this privacy policy, customize it for your needs and activate it. See our article about how to customize a Privacy Policy and Terms of Service.
• Cookie Notification. GDPR compliant websites must notify visitors of the use of browser "cookies" (small files that store preferences and track activity of the user), and must give visitors the option to accept or decline. The default cookies on your website are key to the functionality of your website because they store "session" information. But if you use third party widgets (e.g. Google Analytics, Google Maps, MLS properties with tracking, etc) you will need to provide clear language notifying users of the cookies you use and how the data is protected or shared. For safety, we have enabled this for all sites. But you can disable it in your Site Info if you need to.

ACTION ITEMS FOR YOU

• Self-Assessment. Take the GDPR self-assessment and then talk to a lawyer if you are concerned about compliance.
• Review Processes. Review your internal data handling processes and make sure they are compliant with GDPR and general best practices for protecting users' data.

Note: Even if you think GDPR doesn't apply to you, every website is legally required to have an accurate Privacy Policy that informs your visitors what information you collect and how you use that data. You should also have a Terms of Service agreement if you sell products or services. We provide default pages with generic policies that you can use when you first create your website, but you should consult a lawyer to help you customize these for your business. See our article about how to Write a Privacy Policy and Terms of Service.


