SAA IT TESTING

Quality Assurance

 

 

“Our aim is to help you improve the quality of your customer’s experience and increase the visibility of your business, by providing expert advice and offering a range of affordable solutions and services”.


Continuing the Cookie Compliance Story

Planning Cookie Compliance
 

Having previously written a couple of blogs which focused on Website Legalities for the small business owner, there are still a few questions that need to be answered. And in recent reviews of a couple of Wix websites, one of these questions is ‘How can I make my Wix Website cookie compliant?’ 

Intuitive

I’ll try and answer the Wix question and provide a little more background to it. Both of my clients’ websites were built using Wix ADI. This is a very simple website template which allows the non-technical business owner to design and manage their own website. And I admit, when I was updating their sites, it was very intuitive and easy to use. 

One of the issues highlighted in my website review report, that impacted both sites, was that they were not GDPR-compliant. (GDPR stands for General Data Protection Regulation). Apart from some missing mandatory business and activity details, there was no Cookie and Privacy Policy information. This might not sound very important, but if you own and publish a business website, or even a personal blog, then you have to adhere to EU regulations. The GDPR regulations are there to inform, and protect everyone’s personal data. The use, and misuse, of cookies on websites has always been contentious because some companies argue that the use of cookies helps improve the customer experience. This is true in some cases. When you visit a new website and accept the cookies, it means it is easier for you to log in next time you visit the same site. 

Sharing Data

The downside is that, to make the customer experience more personal, you have to supply the website with certain personal and financial data. That is not to everybody’s liking, and certainly not mine. There have been instances where personal data has been shared with third parties, and people have subsequently been bombarded with spam and marketing emails. In some severe cases fraudulent payment transactions have occurred. And all this is from companies they have had no previous contact with.

Marketing Purposes

So what does all this have to do with Wix and cookie compliance then? To protect personal data all websites have to inform their visitors about the cookies generated by their website, or by links to and from their website, for example to social media pages, and for analytical purposes. Some cookies are essential, others are non-essential and for marketing purposes.

If you want to quickly check how many cookies your website uses, go to your browser and type in your website URL. Click on the security padlock and you will see some site-specific data displayed, including the number of cookies used by your site.

CookieBot Report

One of the tools I use during my website reviews that specifically checks for cookie compliance is CookieBot. Simple to use, no sign-up and in less than an hour you receive an email containing a summary of your website’s cookie compliance and a report on the types of cookies being used on your website. 

If you are not compliant it will tell you the reasons why. In most instances it is because your site does not give the visitor options to accept, reject or manage the cookies. This is where your Cookie Banner comes in. 


Wix Cookie Plug-in

So the two sites I reviewed that were on Wix did not display a cookie banner. For my business website I use WordPress and there are multiple free applications, or plug-ins that you can add which generate a GDPR-compliant cookie banner. I actually use the CookieBot plug-in because it’s free and has great reviews. I assumed that Wix would have a similar app and checked their support pages for Cookie Compliance information. 

Surprisingly, although they have quite comprehensive information about preparing your Wix site for GDPR, unfortunately, the only Cookie banner add-on available is the Cookie Alert Pop-Up app.  Unfortunately? Yes indeed. The average review rating for this ‘Wix-recommended’ app is 1.7 out of 5. And the reviews are appalling.

CookieBot to the rescue (again!)

I trawled the internet to find out how to resolve this, because I did not want my clients at risk of being fined for non-compliance. I couldn’t find a solution, but to cut a long story short, Emma Lawrence from Languedoc121tech came back with the answer!

CookieBot can be installed on your Wix site. Hurrah! But not on the Wix ADI version. Booo!

You have to switch to ‘Editor’ version, because to configure the cookie banner correctly you need to manually add in lines of code, and you cannot do this in Wix ADI. If you are not technical then do not try this at home.

Although the instructions are clear it is not something I would recommend anyone attempts if they are not tech-savvy. When I realised that I needed to switch to Editor version I had to ask my client’s permission. One client does not want to switch because she has only just mastered the ADI. So I have had to point out the risks and she accepts all responsibility. The other client accepted and the CookieBot plug-in has been successfully installed. Phew…

If, when you check your Wix website, you find it isn’t compliant, do not load the Wix Cookie Alert. It is not EU compliant, and it cannot be uninstalled. Ask for help in installing a third-party plug-in such as CookieBot. Preferably ask an experienced, professional web designer, such as Emma from Languedoc121tech.

Finally

So, along with my previous blog posts, with this one you should now have all the information at your fingertips to make your business website cookie compliant.

Fan-blooming-tastic!

And you have remembered to create and display your Cookie and Privacy Policy?

I hope this has helped. Yes, it’s long-winded, but I wanted to provide as much information as possible, but make it easy to read and understand. If I have missed anything, please let me know. Thank you for taking the time to read it.

Shirley Atkinson


Location

Shirley Atkinson

SAA IT Test Consultant

79120, Sainte Soline, France

SIRET – 835 373 515 00013

©2020 SAA-IT-Test.com

Contact

Need additional assistance? Please contact us:

saa.it.testing@gmail.com

FR: +33 (0)7 83 16 61 11

UK: +44 (0)7940 435970

Hours

Mon: 10:00 AM – 4:30 PM
Tue: 10:00 AM – 4:30 PM
Wed: 10:00 AM – 12:00 PM
Thu: 10:00 AM – 4:30 PM
Fri: 10:00 AM – 12:00 PM
Sat: Closed
Sun: Closed

Website Legalities Updated 

Do you remember my last article on Website Legalities? It covered the privacy laws relating to Cookies and Privacy Policies and the mandatory details you have to display on your business website. If that was a lot to take in, well sadly for the individual entrepreneur there is a lot more you need to know.

Mandatory Details

As an individual entrepreneur, as well as the Cookies and Privacy policy, you have to display personal details that identify you, and the type of activity you carry out. 

Identification

For all activity types – Commercial, Craft and Regulated – your business website must display the following mandatory identity details: 

  • Name and Surname
  • Home Address
  • Telephone Number and Email Address
  • Name of the Director, and name of any co-director or editor if there is one
  • Name, company address and phone number of your business website host.

Activity

Additionally, for the type of activity you are registered to carry out, you must display the following mandatory Activity information:

Commercial

  • Registration number in trade and companies register
  • Individual tax identification number
  • General Terms and Conditions of Sale, including price in euros, Tax, delivery costs, date of delivery, payment terms, after-sales service, right of withdrawal, duration of any offers, the cost for phone calls (standard call charges, etc).

Artisan

  • Registration number in the trades directory
  • Or registration number in the register of companies of the chambers of trades in the departments of Moselle, Bas-Rhin and Haut-Rhin.

Regulated

  • Reference to applicable professional rules
  • Indication of professional title
  • Name of the EU state in which the professional title was granted
  • Name of the order or organisation with which a registration was made

 

This article covers the information required for individual entrepreneurs. There are other mandatory requirements for companies registered in France. All the information for individuals and companies can be found on the Service-Public.Fr site.

 


 

 

 

Non-Compliance

Best case, if you don’t comply you will get fined €1500. But do you really want to be worrying about getting caught?

Worst case, if you’re found to be processing data without authorisation you could get 5 years’ imprisonment and a €300,000 fine.


Non-professional Websites

I’m including this category for completeness. Personal blogs are slightly different. You are not obliged to reveal your identity, but you can still be fined.

If you decide to remain anonymous, then you only have to display the identity details of your website host. Your hosting company has to have your identification details in case of legal proceedings.

If you don’t want to remain anonymous then you have to provide your identification details. Name, Surname, Home Address, Phone Number and Email Address. 

Non-compliance for personal blogs may result in a year in prison and a €75,000 fine.



According to Google Chrome’s blog, some security changes are taking effect in 2020. Insecure cross-site tracking will be limited, and third-party cookies will only be allowed over HTTPS.

DATA PRIVACY – Is this the end of digital marketing as we know it?

Because of growing concerns over data privacy, companies will have to rethink their digital marketing. This is because third-party cookies, which are used to track user interventions, will be blocked by Google Chrome browsers by 2022. Other browsers – such as Firefox and Safari – already automatically block them, but currently with Google, users have to manually amend their settings.
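The 2020 Chrome change mentioned at the top of this post comes down to two rules for the `Set-Cookie` header: a cookie with no `SameSite` attribute is treated as `SameSite=Lax`, and `SameSite=None` is only accepted together with `Secure`. The added example below is not from the original post; it classifies a site's `Set-Cookie` headers against those rules, and the cookie names and values are constructed samples.

```python
def parse_set_cookie(header):
    """Split one Set-Cookie header value into (cookie name, attribute dict)."""
    first, *rest = [part.strip() for part in header.split(";")]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return first.split("=", 1)[0], attrs

def cross_site_verdict(header):
    """Classify how a cookie fares in a third-party (embedded) context."""
    name, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite", "").lower()
    if samesite == "none":
        # Cross-site use must be declared explicitly and is tied to HTTPS.
        verdict = "allowed" if "secure" in attrs else "rejected"
    elif samesite in ("lax", "strict"):
        verdict = "withheld"
    else:
        # A missing or unrecognised SameSite value is treated as Lax.
        verdict = "withheld (defaulted to Lax)"
    return name, verdict

def audit(headers):
    """Map each cookie name to its verdict."""
    return dict(cross_site_verdict(h) for h in headers)

# Constructed sample headers, as a server or embedded widget might send them.
SAMPLE_HEADERS = [
    "analytics_id=111.222; Path=/; Expires=Wed, 01 Jan 2025 00:00:00 GMT",
    "chat_widget=abc123; Path=/; SameSite=None",
    "embed_prefs=dark; Path=/; SameSite=None; Secure",
    "sessionid=s3cr3t; Path=/; Secure; HttpOnly; SameSite=Strict",
]

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_HEADERS).items():
        print(f"{name:14} {verdict}")
```

Cookies reported as "rejected" or "withheld (defaulted to Lax)" are the ones a site owner needs to review if an embedded widget or third-party service depends on them.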

It isn’t the end of digital marketing though. It just means that businesses will have to start using other methods and tools – email marketing, keyword search, social media campaigns, etc. 

Now’s the time to start testing new methods and seeing which ones work the best for your business.

 

Read more at Forbes.com: Cookie countdown: how to prepare for a colossal marketing shift?

See also – Cookies & Privacy Policy

 


 


Small Businesses and Personal Data

What’s classed as ‘personal data’?

 

  • The obvious ones such as name, surname, initial(s), alias, home address, phone numbers, date of birth or place of birth, ID card number, credit card number and e-mail address
  • Sensitive data such as genetic and biometric data e.g. health data, face, fingerprints, retina, DNA, etc.
  • Online identifiers such as IP addresses and cookie identifiers
  • Location data such as device location history
  • Metadata related to Internet activity, i.e. browsing and search history. Also information regarding a data subject’s social media accounts and posts.

 

Note: if you process debit or credit card information, you may also be subject to PCI DSS Regulations.

And whilst we’re on the subject of Data Protection…

I want a copy of my personal data and I want it now

As a small business owner, you know what personal data rights are under GDPR, don’t you, and what a data subject is?

And if one of your customers asks you to provide them with a copy of their personal data, you know exactly what to do and the timescale for doing it in, correct?

 

…‘data subject’ refers to any living individual whose personal data is collected, held or processed by an organisation. Personal data is any data that can be used to identify an individual, such as a name, home address or credit card number.

(Luke Irwin, Author for IT Governance 15/11/2018)

 

 

 

 

 

People are becoming more aware of what their rights are regarding the data protection rules and are exercising these rights more frequently. They can object to advertising communications, deny access, or ask for a copy of the personal data that’s held on them.

Because individuals are becoming more aware this is also having an impact on businesses. As a business owner, even if you’re a one-man band, it’s your responsibility to understand how GDPR affects you. 

So, let’s go back to my original question.

Q. One of your customers has asked you for a copy of all the personal data you hold on them. What do you do and how long have you got to respond?

A. You have one month from the date of receiving the request to provide a copy of all their personal data. Continually asking you for a copy of their data records would be an exception, but otherwise you’re legally obliged to complete their request.

 

 


Can you spot a phishing email?

Redcar and Cleveland Borough Council have been offline for almost two weeks because of a recent cyber-attack. Although they haven’t openly stated it was caused by Ransomware*, they are having to rebuild their complete system. This is consistent with how a company would react if they did not want to have to pay out to the criminals holding them to ransom.

 

According to a report from the insurance broker Gallagher, 49% of local councils have been attacked since the start of 2017 and 37% were attacked in the first half of 2019 alone. Over that six-month period, local government experienced 263 million attacks.


5 ways to spot a malicious email

The majority of ransomware attacks begin with phishing scams, so simply knowing how to spot a malicious email will protect you from a substantial number of threats.

    • The message is sent from a public email domain
    • The domain name is misspelled
    • The email is poorly written
    • It includes suspicious attachments or links
    • The message creates a sense of urgency
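Four of the five signs above can be checked mechanically as a first-pass triage step (judging whether an email is poorly written still needs a human reader). The following is an added example, not part of the original post: the domain lists, file extensions, urgency phrases and the sample message are all constructed assumptions.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Illustrative sample lists (assumptions, not taken from the article).
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
TRUSTED_DOMAINS = {"paypal.com", "microsoft.com", "amazon.com"}
RISKY_EXTENSIONS = (".exe", ".js", ".scr", ".zip", ".docm", ".xlsm")
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|suspended|act now)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss spellings of a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phishing_signals(msg):
    """Return which of the warning signs listed above appear in an EmailMessage."""
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signals = []
    if domain in PUBLIC_DOMAINS:
        signals.append("public email domain")
    if any(0 < edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS):
        signals.append("misspelled domain")
    names = [p.get_filename() or "" for p in msg.iter_attachments()]
    if any(n.lower().endswith(RISKY_EXTENSIONS) for n in names):
        signals.append("suspicious attachment")
    body = msg.get_body(preferencelist=("plain",))
    text = msg.get("Subject", "") + " " + (body.get_content() if body else "")
    if URGENCY.search(text):
        signals.append("sense of urgency")
    return signals

def sample_message():
    """Constructed sample: look-alike sender, urgent wording, macro attachment."""
    msg = EmailMessage()
    msg["From"] = "Account Team <security@paypa1.com>"
    msg["Subject"] = "Urgent: your account is suspended"
    msg.set_content("Open the attached form within 24 hours to restore access.")
    msg.add_attachment(b"constructed", maintype="application",
                       subtype="octet-stream", filename="form.docm")
    return msg

if __name__ == "__main__":
    print(phishing_signals(sample_message()))
```

A hit is a reason to look more closely and report the message, not proof of phishing: plenty of legitimate mail comes from public domains.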

 

The advice in the malicious email blog shows how important it is for individuals to be able to recognise signs of phishing.

Spam filters will never be fully effective, so it’s up to you to read the context of messages. Look for anything suspicious and report it.

Remember – it could be you and your business being held to ransom.

*Ransomware is a form of malware that encrypts files and locks users out of the system. A message would then be sent informing users that to get access they have to pay a ransom.

You might also be interested in reading – blog/small-businesses-and-personal-data/
