Data cannot be stored on publicly accessible spreadsheets
or unprotected documents (Google, Dropbox, etc.).
Data can no longer be collected without explicit permission.
Data can no longer be collected without a detailed
description of how it will be used and what it will be used for.
Users must have an easy way to withdraw consent and
have their data erased.
Organizations must have clear processes to
detect, report and investigate data breaches.
GDPR – General Data Protection Regulation
• May 25, 2018
• Applies to any organization that collects and stores
personal data on European (EU) users on websites.
• Aimed at protecting personal data of EU residents
• 4% of global revenue
• $24 million
• €20 million
Does Your Website
• Collect personal data
• Attract visitors from EU?
• Contact Forms
• Opt In
• Security Tools/Plugins
Privacy - Data
• IP address
• Cookie History
• Health/Mental Data
• Political Opinions
• Sexual Orientation
• Prove consent from users – keep records
• Avoid pre-ticked boxes on sign-up forms
• Opt-in vs. opt-out
• Easy option to withdraw consent and remove data
• Website content and inquiry forms must use SSL
• Analytics must be GDPR compliant
• Pseudonymization/anonymization - Database must store
information by account name only and not by account
• This list is not complete nor necessarily accurate
What Can You Do?
• All forms and website requests opt-in
• Easy opt out with instructions
• Cookie alert banner
• Block EU traffic?
Cookie Alert Banner
• Tiny files sent to your browser that allow a website to
remember your preferences and present you with
customized web pages.
• Shopping preferences
• HyperText Transfer Protocol Secure
• Created due to lack of Security
• Ensures security between website (server) and browser
• Data/Communications are encrypted
• Prevents “Man-in-the-Middle” Attacks
• HTTPS – Deals only with communications between your
computer and a website.
SSL – Secure Sockets Layer
• A certificate issued to allow the HTTPS designation to
• SSL allows HTTP → HTTPS
Why You Need SSL
• Protect privacy
• Credit Card information
• Websites with eCommerce
• Personal information
• Shopping history
• Browsing history
• Information you receive is as intended
• SEO – without HTTPS you don’t rank as well
#1 Reason you need HTTPS
• Chrome 62 - SEO
• Websites without HTTPS are going to be flagged as “Not
Site is Not Secure
• Not Trusted
• Affects Your Brand
• Website not trusted
• Business not trusted
• Hosting Company
• Purchase SSL