1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

GDPR on information only websites

Discussion in 'HTML, Graphics & Programming' started by JasonM, Aug 27, 2018.

  1. JasonM

    Wise Guy

    Joined: Jun 19, 2009

    Posts: 2,079

    Hope this is the best section for this.

    I have an information only website, and looking for advice on GDPR law. The website stores no personal data other then the IIS server that can store client data (IP's, browser details) in event logs. The only other information that's stored is the site connects to google analytics.

    I have searched for advice, but main advice on GDPR is related to web-sites that collect data.

    Could anyone offer any advice, or link to other information only websites that have covered this.
     
  2. touch

    Capodecina

    Joined: Oct 28, 2006

    Posts: 10,473

    Location: Sufferlandria

    You'll need to give visitors an opt-in for tracking cookies used by google analytics.

    IIS logs should be ok because they are strictly necessary to the security of the website. IP addresses are considered to be personal data though.

    edit: here's a link which better explains why IIS logs dont need permission - https://terabyteit.co.uk/the-gdpr-and-personal-data-in-web-server-logs/
     
  3. Hyburnate

    Capodecina

    Joined: Jul 29, 2011

    Posts: 13,775

    Location: NN4

    This is bang on, and a privacy policy.
     
  4. JasonM

    Wise Guy

    Joined: Jun 19, 2009

    Posts: 2,079

    Thanks for the information, especially the link the ISS logs.

    For time being I'm considering removing the google analytics, they were not really used anyway as it's such a basic website.

    I presume I will still require some form of privacy policy.
     
  5. ChroniC

    Sgarrista

    Joined: Oct 18, 2002

    Posts: 8,806

    It's not bang on. You don't have to give an opt out for analytics. It's only advertising cookies that require it.
    You'll notice on alot of opt outs that you cannot opt out of the tmfirst option.
    You do however have to have a pop-up or fixed position CTA showing your cookie policy outlining your intended use of analytics information.
    If you have a contact form or any form of subscription you must link to your privacy policy outlining your usage of their information and how long you intend to keep it. How long you keep it for varies based on your line of work. I. E if you have 10yr warranties etc you can prove you need to keep it for that long, etc etc.
     
    Last edited: Aug 29, 2018
  6. Rroff

    Man of Honour

    Joined: Oct 13, 2006

    Posts: 56,843

    I pulled down a couple of long abandoned information sites (but using WordPress) as I just CBA with getting my head around GDPR stuff :s it seems more of a pain in the rear than actually achieving anything.
     
  7. Hyburnate

    Capodecina

    Joined: Jul 29, 2011

    Posts: 13,775

    Location: NN4

    You're right, I completely misread it to be honest. The privacy policy I wrote for the company I work for entirely contridcts what I quoted.

    Admitadly I went a little overboard however you can see an example here @JasonM https://nenedata.com/privacy-policy/
     
  8. JasonM

    Wise Guy

    Joined: Jun 19, 2009

    Posts: 2,079

    Hyburnate, thanks for your link. I have actually used a website called RocketLawer to create a free GDPR complaint privacy policy. I have just had a quick scan of yours on nenedata.com and it's very similar to the RocketLawer generated one.
     
  9. Hyburnate

    Capodecina

    Joined: Jul 29, 2011

    Posts: 13,775

    Location: NN4

    Haha, maybe I shouldn’t pursue a career in law.

    Admittedly it went ridiculously into detail, but the way I saw it is I don’t want any come back and if the ICO see best efforts they’ll be more lineant.
     
  10. antijoke

    Caporegime

    Joined: Jan 28, 2003

    Posts: 36,897

    Location: Stratford-Upon-Avon

    Are you sure about the opt out thing for analytics?

    I thought they had to be not set to start and only allowed to be set by specifically opting in.

    This is from the civic cookie control website we use for managing cookies

    https://www.civicuk.com/cookie-control
     
  11. edscdk

    Soldato

    Joined: Jul 17, 2008

    Posts: 6,243

    I hate those stipud opt in / out cookie questions,

    Option 1 get 50 million web sites updated and waste billions of man hours over the next 50 years clicking on deny or accept

    Option 2 get 10 or 15 bits of software (browsers) updated to ask the question once .

    Option 3 don't do anything cos anyone that's going to abuse they system is hardly likley to take any notice of what you selected
     
  12. ChroniC

    Sgarrista

    Joined: Oct 18, 2002

    Posts: 8,806

    Yep analytics alone doesn't record or take any personal identifying information from you. There are options in it to link it to Adwords which would invalidate this but with the basic settings it uses random identifiers. It can be covered by a basic use of cookies policy.
     
  13. antijoke

    Caporegime

    Joined: Jan 28, 2003

    Posts: 36,897

    Location: Stratford-Upon-Avon

    Ok, thanks. Got any articles on it?

    I’m sure I had read all analytics needed it, this makes my job a little easier.
     
  14. ChroniC

    Sgarrista

    Joined: Oct 18, 2002

    Posts: 8,806

    https://www.peakdemand.co.uk/blog/the-impact-of-gdpr-on-google-analytics/

    This has a little snnipet is about as quick as I can show with trawling the actual regulation.

    The so called “cookie provision”, which has resulted in an overload of consent requests for internet users, will be streamlined. New rules will allow users to be more in control of their settings, providing an easy way to accept or refuse the tracking of cookies and other identifiers in case of privacy risks. The proposal clarifies that no consent is needed for non-privacy intrusive cookies improving internet experience (e.g. to remember shopping cart history). Cookies set by a visited website counting the number of visitors to that website will no longer require consent.”
     
  15. antijoke

    Caporegime

    Joined: Jan 28, 2003

    Posts: 36,897

    Location: Stratford-Upon-Avon

    Excellent, thanks.