GDPR obligation: put a compliant Webflow site online
June 2023 · 7 min read
Do you want to pay a penalty of 20 million euros for non-compliance with the GDPR? No? (Yes, I can read your mind 🤓.)
Note that this is the maximum penalty provided for by the legislator: 20 million euros or 4% of the company's annual worldwide turnover, whichever is higher. So I advise you to do the right thing on your website and get it GDPR compliant 😅
To find out how, you are in the right place 👇
What is the GDPR?
The GDP what?
GDPR stands for General Data Protection Regulation. It is a European regulation, in force since May 2018, that aims to protect the personal data of people in the European Union. It establishes a legal framework for the collection, processing and protection of that personal data.
In practice, the GDPR is intended to give individuals greater control over their own data. It sets out clear obligations for businesses, organizations and public authorities that collect and process personal data: a valid legal basis (such as the user's consent) for collecting and processing the data, the obligation to notify data breaches, and the implementation of appropriate security measures to protect the data.
The regulation applies to every company, organization or public authority that collects and processes the personal data of people in the European Union, wherever in the world it is located. Businesses that do not comply may face significant financial penalties... Nobody jokes with the law 😉
How to bring your site into compliance with the GDPR?
As said before, GDPR compliance is a legal obligation, not an option.
It is therefore important to take steps to ensure that your website complies. Here are the key steps to bring your Webflow website in line with the GDPR:
Make an inventory of all personal data that you collect on your website, including email addresses, IP addresses, names, and phone numbers.
Obtain the user's consent before collecting their personal data whenever consent is your legal basis. Use a dedicated, unticked checkbox or an explicit button click: a pre-ticked box, or consent bundled into acceptance of the terms and conditions, does not count as valid consent.
Provide users with easy access to their personal data. They should be able to consult, modify or delete them at any time.
Ensure that all personal data is stored securely. This includes strong passwords on every account with access to the data, serving the site over HTTPS, and encrypting sensitive data at rest.
Let users know how you are using their personal data. You can do this by providing a privacy policy detailed that explains how data is collected, used, and stored.
If you transfer data to third parties (form tools, CRM, analytics, email providers), make sure they are also GDPR compliant and that a data processing agreement is in place.
Designate a data protection officer (DPO) if your website regularly processes sensitive personal data on a large scale, or if you are a public authority.
What information is mandatory on a GDPR-compliant website?
Here are the notices that must appear on your Webflow site to comply with the GDPR, ideally from the design stage 👇
Legal notices
They are mandatory and should be easily accessible.
They should include:
the identity of your business
The registration number
VAT identification number
an email and a telephone number to contact your company
The identity of the host of the site
the name and address of the authority that issued the authorization, if you are engaged in a regulated and licensed activity
The general terms and conditions of sale (CGV)
They inform your customers of their rights and obligations and are mandatory in B2C.
They must include:
the essential characteristics of goods and/or services
The price including VAT in euros
the costs, date and terms of delivery
the terms of execution of the contract
payment terms: authorized payment methods and the question of late payment.
the right of withdrawal: deadline and conditions for cancelling and returning the order.
the legal guarantee of conformity and the guarantee of hidden defects
commercial guarantee and after-sales service: cost of remote communication
the duration of the contract and the conditions for termination, if applicable
the deposit or guarantee to be provided by the customer, if applicable
the minimum duration of the customer's contractual obligations, if applicable
the existence of a code of conduct applicable to the contract, if applicable
dispute resolution procedures: competent court and possibility of recourse to a mediator
The processing of personal data and the use of cookies
Each time you collect data about a visitor, you must inform them. For example, when filling out a form, the visitor must be able to find the following information:
the identity and contact details of the body responsible for the processing of personal data (the data controller)
the purpose of the processing
the legal basis justifying the processing: the user's consent? compliance with a legal obligation? performance of a contract? ...
the mandatory or optional nature of the collection of personal data: the consequences for the user if he does not provide his data
recipients of personal data
The duration of storage of personal data
the visitor's rights: the right to object to the processing, and the rights to access, rectify and delete their data
the visitor's right to lodge a complaint with the CNIL (or their national supervisory authority)
where applicable, the existence of a transfer of personal data to a country outside the European Union
Obtaining the visitor's consent
You must obtain the visitor's clear and explicit consent for:
sending commercial emails: you need the visitor's explicit agreement, unless they have already purchased a similar product from your company or are being contacted in their professional capacity. Every email must also carry an unsubscribe link so they can refuse further messages.
the use of cookies and similar tracers that analyze the visitor's browsing, movements and consultation or consumption habits in order to display targeted advertising. Only cookies strictly necessary for the service requested by the visitor (session, shopping cart, security) are exempt from consent; analytics and advertising tracers must not be set before the visitor agrees.
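The practical consequence for a Webflow site is that third-party scripts cannot simply sit in the site's custom code and run on every page load: they have to be gated behind the visitor's recorded choice, and that choice has to be re-asked when it is missing, malformed or too old. The following is an added example, not code from the original article or from Webflow, showing one way to do that. The cookie name, the catalog of tracers, the example.com script URLs and the 180-day validity period are assumptions chosen for illustration; the functions are kept free of DOM calls so they run under Node for testing, and the comment on `applyConsent` shows how to wire them to `document.cookie` and a real `<script>` loader in the browser.

```javascript
// Added example (not from the original article or Webflow): consent-gated
// loading of tracers on a website. Pure functions, so it runs in Node; in the
// browser, feed it document.cookie and a loader that appends <script> tags.

const CONSENT_COOKIE = "cookie_consent";      // assumed cookie name
const CONSENT_MAX_AGE_DAYS = 180;             // assumption: re-ask after about 6 months
const DAY_MS = 24 * 60 * 60 * 1000;

// Tracer categories. "necessary" never requires consent; the others do.
const CATEGORIES = ["necessary", "analytics", "marketing"];

// Constructed sample catalog; the URLs are placeholders, not real endpoints.
const TRACKER_CATALOG = [
  { name: "session-helper", category: "necessary", src: "/js/session.js" },
  { name: "audience-stats", category: "analytics", src: "https://stats.example.com/a.js" },
  { name: "ad-pixel", category: "marketing", src: "https://ads.example.com/pixel.js" },
];

// Parse a cookie header ("a=1; b=2") into a name -> raw value map.
function parseCookieHeader(header) {
  const out = {};
  for (const part of (header || "").split(";")) {
    const idx = part.indexOf("=");
    if (idx === -1) continue;
    const name = part.slice(0, idx).trim();
    if (name) out[name] = part.slice(idx + 1).trim();
  }
  return out;
}

// Read the stored consent. Returns null when the cookie is absent, malformed
// or older than CONSENT_MAX_AGE_DAYS, so the caller shows the banner again
// and loads only "necessary" scripts in the meantime.
function readConsent(cookieHeader, now = Date.now()) {
  const raw = parseCookieHeader(cookieHeader)[CONSENT_COOKIE];
  if (raw === undefined) return null;
  let rec;
  try {
    rec = JSON.parse(decodeURIComponent(raw));
  } catch (_) {
    return null;                                   // tampered or truncated value
  }
  if (!rec || typeof rec.ts !== "number" || typeof rec.choices !== "object" || rec.choices === null) return null;
  if (now - rec.ts > CONSENT_MAX_AGE_DAYS * DAY_MS) return null;   // expired: re-prompt
  const choices = {};
  for (const c of CATEGORIES) choices[c] = c === "necessary" ? true : rec.choices[c] === true;
  return { ts: rec.ts, choices };
}

// Build the Set-Cookie string recording the visitor's choices. Only a strict
// boolean true is honoured per category; anything missing or odd means refused.
function buildConsentCookie(choices, now = Date.now()) {
  const rec = { ts: now, choices: {} };
  for (const c of CATEGORIES) rec.choices[c] = c === "necessary" ? true : choices[c] === true;
  const value = encodeURIComponent(JSON.stringify(rec));
  const maxAge = CONSENT_MAX_AGE_DAYS * 24 * 60 * 60;
  return `${CONSENT_COOKIE}=${value}; Max-Age=${maxAge}; Path=/; Secure; SameSite=Lax`;
}

// Decide which scripts may load. Without a valid consent only "necessary" loads.
function trackersToLoad(consent, catalog = TRACKER_CATALOG) {
  return catalog.filter(t => t.category === "necessary" || (consent !== null && consent.choices[t.category] === true));
}

// Load the permitted scripts through the supplied loader and return their names.
// Browser wiring: applyConsent(readConsent(document.cookie), src => {
//   const s = document.createElement("script"); s.src = src; document.head.appendChild(s); });
function applyConsent(consent, loader, catalog = TRACKER_CATALOG) {
  const loaded = [];
  for (const t of trackersToLoad(consent, catalog)) {
    loader(t.src);
    loaded.push(t.name);
  }
  return loaded;
}

// Stand-alone demo: first visit, then a return visit after accepting analytics only.
if (typeof require !== "undefined" && require.main === module) {
  const t0 = Date.parse("2023-06-01T00:00:00Z");
  console.log("first visit:", applyConsent(readConsent("", t0), () => {}));
  const setCookie = buildConsentCookie({ analytics: true }, t0);
  const header = setCookie.split(";")[0];        // what the browser sends back
  console.log("after choice:", applyConsent(readConsent(header, t0 + DAY_MS), () => {}));
  console.log("200 days later:", applyConsent(readConsent(header, t0 + 200 * DAY_MS), () => {}));
}
```

The point to notice is the default: when `readConsent` cannot produce a valid record, `trackersToLoad` returns only the "necessary" entries, so a visitor who has never answered the banner, or whose cookie has been tampered with, is never tracked by accident. Refusal is recorded exactly like acceptance, so the banner does not reappear on every page for someone who said no.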
Conversely, if your site is already online and does not comply with current regulations, it is not too late: you can still make these changes.
It's even mandatory 😅
How do I know if a site complies with the GDPR?
To find out if your company is subject to the GDPR, you can run a diagnosis using this tool.
In practice, as soon as you handle (collect, use, store) personal data in your business, you are required to comply with the GDPR. In other words, I'm pretty sure you're subject to it 🤪
To find out if your site is compliant, you can use paid audit tools.
You can of course check each element by yourself, by rereading the previous paragraph and by finding out directly on the website of the CNIL.
You can also check these points:
Check whether the website has a clear and easily accessible privacy policy. This policy should explain how the site collects, uses and stores personal data.
Look for the legal notices and the personal data section on the website, usually linked from the footer. A compliant site states who the data controller is, what is processed and on what legal basis, and how to exercise your rights.
Check if the website explicitly asks for user consent for the collection and processing of their personal data.
Check whether the website provides mechanisms for users to exercise their data protection rights, such as the right of access, the right to rectification, the right to erasure (right to be forgotten) and the right to data portability.
Check whether the website applies appropriate security measures to protect users' personal data: HTTPS on every page (including forms), encryption of sensitive data, and properly configured firewalls.
Check if the website uses cookies or tracking technologies, and if so, if users are aware of their use and if they have the option to deactivate them.
Bonus: The 5 ways to add cookies to your Webflow site
With these tips, you should not get caught by the CNIL for non-compliance with the GDPR! ✌🏼
Let's stay on this topic with the next article: discover 5 ways to add cookies to your Webflow site! Means that comply with the GDPR of course 😇