When collecting data from users on your website, there are a few things you need to consider. GDPR (General data protection regulation) replaced the Personal Data Act in 2018. The purpose of the new General Data Protection Regulation is to strengthen the protection of personal data of individuals. This law applies to all companies operating in the EU. Therefore, when collecting data from users on your website, you need to consider a few things, which we will go through here.

You must have a legal basis

Under the GDPR, you need a legal basis to process personal data. There are a few different grounds that allow you to collect and process personal data. One of them is consent, which you can obtain via a cookie banner, for example. It is important to consider how the cookie banner is made, it is not enough to write we collect data and have a button for okay. In order to give consent, the user must also have the option to decline and you must inform users of what they are agreeing to, which brings us to the next point.

Informing users

Under the GDPR, you must inform users about what data you collect and why you collect it. You can do this in a privacy policy that describes what personal data you collect, what its purpose is and how you process it. You should also inform users of their rights, such as their right to access the data stored about them and to have their data amended or deleted.

Do not collect unnecessary data

Only collect personal data that you have a purpose for collecting and screen it regularly. For example, don't just collect data because it might be useful to have it later. Also, make sure to screen the data frequently and delete data you no longer need. For example, you should delete data about a person if they delete their account on your website.

Protecting the data

The GDPR also has requirements for information security. Users' personal data must be protected, for example by encrypting it or using strong passwords. This is to ensure that no unauthorised person can access the data. Another thing to keep in mind when it comes to the GDPR is to have as a standard to give the user privacy. For example, if you want to collect data about the location of users, location sharing is not started automatically, but the user must go in and start it themselves.

I hope this post has been instructive

Do you need help with how to set up a cookie banner or do you have other questions? Then you can contact us