SAA IT TESTING

Quality Assurance

 

 

“Our aim is to help you improve the quality of your customer’s experience and increase the visibility of your business, by providing expert advice and offering a range of affordable solutions and services”.


 

Continuing the Cookie Compliance Story

Planning Cookie Compliance
 

Having previously written a couple of blogs which focused on Website Legalities for the small business owner, there are still a few questions that need to be answered. And in recent reviews of a couple of Wix websites, one of these questions is ‘How can I make my Wix Website cookie compliant?’ 

Intuitive

I’ll try and answer the Wix question and provide a little more background to it. Both of my clients’ websites were built using Wix ADI. This is a very simple website template which allows the non-technical business owner to design and manage their own website. And I admit, when I was updating their sites, it was very intuitive and easy to use. 

One of the issues highlighted in my website review report, that impacted both sites, was that they were not GDPR-compliant. (GDPR stands for General Data Protection Regulation). Apart from some missing mandatory business and activity details, there was no Cookie and Privacy Policy information. This might not sound very important, but if you own and publish a business website, or even a personal blog, then you have to adhere to EU regulations. The GDPR regulations are there to inform, and protect everyone’s personal data. The use, and misuse, of cookies on websites has always been contentious because some companies argue that the use of cookies helps improve the customer experience. This is true in some cases. When you visit a new website and accept the cookies, it means it is easier for you to log in next time you visit the same site. 

Sharing Data

The downside is that, to make the customer experience more personal, you have to supply the website with certain personal and financial data. That is not to everybody’s liking, and certainly not mine. There have been instances where personal data has been shared with third parties, and people subsequently bombarded with spam and marketing emails. In some severe cases fraudulent payment transactions have occurred. And all this is from companies they have had no previous contact with.

Marketing Purposes

So what does all this have to do with Wix and cookie compliance then? To protect personal data all websites have to inform their visitors about the cookies generated by their website, or by links to and from their website, for example to social media pages, and for analytical purposes. Some cookies are essential, others are non-essential and for marketing purposes.

If you want to quickly check how many cookies your website uses, go to your browser and type in your website URL. Click on the security padlock and you will see some site-specific data displayed, including the number of cookies used by your site.

CookieBot Report

One of the tools I use during my website reviews that specifically checks for cookie compliance is CookieBot. Simple to use, no sign-up and in less than an hour you receive an email containing a summary of your website’s cookie compliance and a report on the types of cookies being used on your website. 

If you are not compliant it will tell you the reasons why. In most instances it is because your site does not give the visitor options to accept, reject or manage the cookies. This is where your Cookie Banner comes in. 


Wix Cookie Plug-in

So the two sites I reviewed that were on Wix did not display a cookie banner. For my business website I use WordPress and there are multiple free applications, or plug-ins that you can add which generate a GDPR-compliant cookie banner. I actually use the CookieBot plug-in because it’s free and has great reviews. I assumed that Wix would have a similar app and checked their support pages for Cookie Compliance information. 

Surprisingly, although they have quite comprehensive information about preparing your Wix site for GDPR, unfortunately, the only Cookie banner add-on available is the Cookie Alert Pop-Up app.  Unfortunately? Yes indeed. The average review rating for this ‘Wix-recommended’ app is 1.7 out of 5. And the reviews are appalling.

CookieBot to the rescue (again!)

I trawled the internet to find out how to resolve this, because I did not want my clients at risk of being fined for non-compliance. I couldn’t find a solution, but to cut a long story short, Emma Lawrence from Languedoc121tech came back with the answer!

CookieBot can be installed on your Wix site. Hurrah! But not on the Wix ADI version. Booo!

You have to switch to the ‘Editor’ version, because to configure the cookie banner correctly you need to manually add in lines of code, and you cannot do this in Wix ADI. If you are not technical then do not try this at home.

Although the instructions are clear it is not something I would recommend anyone attempts if they are not tech-savvy. When I realised that I needed to switch to Editor version I had to ask my client’s permission. One client does not want to switch because she has only just mastered the ADI. So I have had to point out the risks and she accepts all responsibility. The other client accepted and the CookieBot plug-in has been successfully installed. Phew…

If, when you check your Wix website, you find it isn’t compliant, do not load the Wix Cookie Alert. It is not EU compliant, and it cannot be uninstalled. Ask for help in installing a third-party plug-in such as CookieBot. Preferably ask an experienced, professional web designer, such as Emma from Languedoc121tech.

Finally

So, along with my previous blog posts, with this one you should now have all the information at your fingertips to make your business website cookie compliant.

Fan-blooming-tastic!

And you have remembered to create and display your Cookie and Privacy Policy?

I hope this has helped. Yes, it’s long-winded, but I wanted to provide as much information as possible, but make it easy to read and understand. If I have missed anything, please let me know. Thank you for taking the time to read it.

Shirley Atkinson


Location

Shirley Atkinson

SAA IT Test Consultant

79120, Sainte Soline, France

SIRET – 835 373 515 00013

©2020 SAA-IT-Test.com

Contact

Need additional assistance? Please contact us:

saa.it.testing@gmail.com

FR: +33 (0)7 83 16 61 11

UK: +44 (0)7940 435970

Hours

Mon: 10:00 AM – 4:30 PM
Tue: 10:00 AM – 4:30 PM
Wed: 10:00 AM – 12:00 PM
Thu: 10:00 AM – 4:30 PM
Fri: 10:00 AM – 12:00 PM
Sat: Closed
Sun: Closed

 

Macarons are so much nicer than cookies


 

Chocolate-chip anyone?

I’m not being totally disrespectful to cookies. There are some nice ones, but living in France I have now acquired a taste for macarons. The colours, the different flavours… Hmm, I’m going a bit off track here, because I should really be talking about browser cookies, and even they’re not all bad. 

Following my article about Website Legalities and business websites having to display a cookie notice, I had a couple of questions from worried website owners. Personal Blog owners too should take heed because you also have to comply with the privacy laws. 

What are browser cookies?

They’re not particularly dangerous and they can’t be used to steal your personal data. In fact browser cookies are generally harmless.

They store login details and other little bits of information on your computer from the different websites you have visited.

The information can only be read by the website that made the cookie, and it can only store details that you have given it. It can’t be used to get any other personal data from your computer.

 

How does Amazon know what I’m looking for?

Well, let’s use Amazon as an example. When you log into your Amazon account it stores the details you entered and shows you everything related to your account. The Amazon website also stores a cookie on your device that tells them what items you viewed last time you were there. So it’s only reading and sharing with you the information you gave it before.

In theory, a website could store your credit card as a cookie, because you gave it that information. But only the website where it’s stored can read it. Therefore the only real ‘danger’ is if someone physically has access to your computer because they can read the info. To be on the safe side though, you should only provide personal and financial data to websites that you trust 100%.

Is a cookie a virus?

No, cookies are NOT viruses and no, you cannot catch coronavirus online either. (Believe me, I have seen that asked in one of the browser forums). Cookies are just simple text files. They can’t make copies of themselves and spread to other networks so they cannot be defined as a virus. They could be used as a form of spyware though because they store information about browsing history. That’s why a lot of anti-spyware products regularly flag cookies up for deletion. 

Responsible web developers

Now we’re getting down to the privacy issues side of things. Responsible web developers will provide clear descriptions of how cookies are used on their site. There are different types of browser cookies. Some are necessary and useful and can’t be refused. Others, such as third-party cookies, usually get created if you frequent websites that display adverts from another website. Again these are not really bad cookies, because they help advertisers keep track of how many people are seeing their ads and whether a particular ad campaign is effective. Cookies can also limit the number of times an advert is shown and display ads in a particular order.

Privacy Laws

The legislation about using cookies for storing information came into force in May 2011.

All new and existing business websites have to be compliant. And it’s not all the responsibility of your web hosting service. They can provide cookie data about their website but not yours, especially if you add links to other websites.

There are sites such as CookieBot which can analyse and report back on the cookies it finds on your website and tell you how intrusive they are. Then you have to decide how you use that information and the best way to obtain a user’s consent.

 

As a responsible business website owner you must:

  • inform users of the purpose of cookies,
  • obtain their consent,
  • provide users with a way to refuse them.

And if users do give their consent, it is only legally valid for a period of 13 months maximum.
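The three obligations and the 13-month limit can be enforced in code before any non-essential script is loaded. The sketch below is an added example, not code from this article or from CookieBot; the category names and function names are assumptions made for illustration.

```javascript
// Added example: a consent record that lapses after the 13 months stated above,
// and a gate that every non-essential script must pass before it runs.
// Category names ("necessary", "analytics", "marketing") are assumptions.
const CONSENT_MAX_MONTHS = 13;
const OPTIONAL_CATEGORIES = ["analytics", "marketing"];

// Add whole months in UTC, clamping to the last day of the target month
// (31 January + 13 months is 28 February, not 3 March).
function addMonthsUtc(date, months) {
  const y = date.getUTCFullYear();
  const m = date.getUTCMonth() + months;
  const lastDay = new Date(Date.UTC(y, m + 1, 0)).getUTCDate();
  const day = Math.min(date.getUTCDate(), lastDay);
  return new Date(Date.UTC(y, m, day, date.getUTCHours(),
                           date.getUTCMinutes(), date.getUTCSeconds()));
}

// Build the record from the visitor's banner choices.
// Anything the visitor did not explicitly accept is stored as a refusal.
function recordConsent(choices, now = new Date()) {
  const granted = {};
  for (const cat of OPTIONAL_CATEGORIES) granted[cat] = choices[cat] === true;
  return { granted, givenAt: now, expiresAt: addMonthsUtc(now, CONSENT_MAX_MONTHS) };
}

// The banner must be shown again when there is no record or it has lapsed.
function needsBanner(record, now = new Date()) {
  return !record || now >= record.expiresAt;
}

// Gate for scripts and cookies: necessary ones always run, the rest only
// with a current record in which that category was accepted.
function mayLoad(category, record, now = new Date()) {
  if (category === "necessary") return true;
  if (needsBanner(record, now)) return false;
  return record.granted[category] === true;
}

// Refusing later is just recording a new choice with nothing accepted.
function withdrawConsent(now = new Date()) {
  return recordConsent({}, now);
}
```

In a browser the record would be saved (for example in a first-party cookie) and read back on each page load; that storage step is left out here.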

Details of the types of cookies used on your website should be included in your Privacy Policy or a separate cookie policy prominently displayed on your website, and a link in your Cookie Notice. 

There are a number of WordPress plugins for cookie notices and plenty of websites out there offering to scan your site, continue to monitor it and provide bespoke cookie policies. Check out CookieBot and Termly.io.

All this talk about cookies has got me thinking about macarons again. I’m gutted that the lock-down stopped me from attending a macaron baking workshop with Keith at Jambon de Printemps last month. But I’ll be the first to sign up for the class when everything gets back to normal.

Stay Safe. 

 

 


Website Legalities Updated 

Do you remember my last article on Website Legalities? It covered the privacy laws relating to Cookies and Privacy Policies and the mandatory details you have to display on your business website. If that was a lot to take in, well sadly for the individual entrepreneur there is a lot more you need to know.

Mandatory Details

As an individual entrepreneur, as well as the Cookies and Privacy policy, you have to display personal details that identify you, and the type of activity you carry out. 

Identification

For all activity types – Commercial, Craft and Regulated – your business website must display the following mandatory identity details: 

  • Name and Surname
  • Home Address
  • Telephone Number and Email Address
  • Name of the Director, and name of any co-director or editor if there is one
  • Name, company address and phone number of your business  website host. 

Activity

Additionally, for the type of activity you are registered to carry out, you must display the following mandatory Activity information:

Commercial

  • Registration number in trade and companies register
  • Individual tax identification number
  • General Terms and Conditions of Sale, including price in euros, Tax, delivery costs, date of delivery, payment terms, after-sales service, right of withdrawal, duration of any offers, the cost for phone calls (standard call charges, etc).

Artisan

  • Registration number in the trades directory
  • Or registration number in the register of companies of the chambers of trades in the departments of Moselle, Bas-Rhin and Haut-Rhin.

Regulated

  • Reference to applicable professional rules
  • Indication of professional title
  • Name of the EU state in which the professional title was granted
  • Name of the order or organisation with which a registration was made

 

This article covers the information required for individual entrepreneurs. There are other mandatory requirements for companies registered in France. All the information for individuals and companies can be found on the Service-Public.Fr site.

 


 

 

 

Non-Compliance

Best case, if you don’t comply you will get fined €1500. But do you really want to be worrying about getting caught?

Worst case, if you’re found to be processing data without authorisation you could get 5 years’ imprisonment and a €300,000 fine.


Non-professional Websites

I’m including this category for completeness. Personal blogs are slightly different. You are not obliged to reveal your identity, but you can still be fined.

If you decide to remain anonymous, then you only have to display the identity details of your website host. Your hosting company has to have your identification details in case of legal proceedings.

If you don’t want to remain anonymous then you have to provide your identification details: Name, Surname, Home Address, Phone Number and Email Address.

Non-compliance for personal blogs may result in a year in prison and a €75,000 fine.



According to Google Chrome’s blog, some security changes are taking effect in 2020. Insecure cross-site tracking will be limited, and third-party cookies will only be allowed over HTTPS.

DATA PRIVACY – Is this the end of digital marketing as we know it?

Because of growing concerns over data privacy, companies will have to rethink their digital marketing. This is because third-party cookies, which are used to track user interventions, will be blocked by Google Chrome browsers by 2022. Other browsers – such as Firefox and Safari – already automatically block them, but currently with Google, users have to manually amend their settings.
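The 2020 Chrome change mentioned at the top of this post (third-party cookies only over HTTPS) is driven by two attributes on the Set-Cookie header, SameSite and Secure. The following is an added example, not code from this article or from Google, that reads a site's Set-Cookie headers and reports how each cookie is treated in a third-party context; the header strings and the ads.example domain are constructed.

```javascript
// Added example: how Chrome's 2020 rules treat a cookie in a third-party
// (cross-site) context, judged from its Set-Cookie header alone.
// SAMPLE_HEADERS are constructed; ads.example is a placeholder domain.
const SAMPLE_HEADERS = [
  "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
  "ad_id=xyz; Domain=ads.example; Path=/; SameSite=None; Secure",
  "tracker=789; Domain=ads.example; Path=/; SameSite=None",
  "legacy_widget=1; Path=/",
];

// Pull out the cookie name and the two attributes the rules depend on.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq === -1 ? pair : pair.slice(0, eq), sameSite: null, secure: false };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=").map((s) => s.trim());
    if (key.toLowerCase() === "secure") cookie.secure = true;
    if (key.toLowerCase() === "samesite") cookie.sameSite = value.toLowerCase();
  }
  return cookie;
}

// Verdicts:
//   third-party-ok   - sent when the cookie's site is embedded in another site (HTTPS only)
//   rejected         - the browser refuses to store the cookie at all
//   first-party-only - not sent from embedded (third-party) content
function crossSiteVerdict(header) {
  const c = parseSetCookie(header);
  if (c.sameSite === "none") {
    return c.secure
      ? { name: c.name, verdict: "third-party-ok", why: "SameSite=None with Secure" }
      : { name: c.name, verdict: "rejected", why: "SameSite=None without Secure" };
  }
  if (c.sameSite === "strict" || c.sameSite === "lax") {
    return { name: c.name, verdict: "first-party-only", why: "SameSite=" + c.sameSite };
  }
  // Attribute missing: Chrome now treats the cookie as SameSite=Lax.
  // (Assumption: an unrecognised value is handled the same way here.)
  return { name: c.name, verdict: "first-party-only", why: "no SameSite, treated as Lax" };
}

// Audit a whole response: one verdict per Set-Cookie header.
function auditHeaders(headers) {
  return headers.map(crossSiteVerdict);
}

// Names of cookies that a site owner needs to fix or expect to lose.
function cookiesToReview(headers) {
  return auditHeaders(headers)
    .filter((r) => r.verdict === "rejected" || r.why.startsWith("no SameSite"))
    .map((r) => r.name);
}
```

For the constructed headers, `cookiesToReview(SAMPLE_HEADERS)` lists `tracker` and `legacy_widget`: the first is refused outright, the second silently stops working inside third-party embeds.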

It isn’t the end of digital marketing though. It just means that businesses will have to start using other methods and tools – email marketing, keyword search, social media campaigns, etc. 

Now’s the time to start testing new methods and seeing which ones work the best for your business.

 

Read more at Forbes.com: Cookie countdown: how to prepare for a colossal marketing shift?

See also – Cookies & Privacy Policy

 


 

Website Legalities 

If you have a website, blog or app on the Internet then you have to comply with privacy laws. Regardless of whether your website is professional or non-professional, you must display certain mandatory information. If you don’t comply with the website legalities then you risk being fined €1500.

In the worst-case scenario, unauthorised computer processing of data you’ve collected could result in 5 years’ imprisonment and a €300,000 fine.

Have I got your attention now?

Website legalities is a fairly hefty topic and the mandatory information depends on whether you are an individual, company, type of activity, etc. So I’m going to break it down into smaller chunks and just cover Cookies and Privacy Policies here.

 


Cookies & Privacy

Whether you are just starting out or have been in business for several years, if you’re collecting personal information you are responsible for that data. Having a Privacy Policy is your commitment to guarding the privacy of your users’ data.

 

“When operating a website or mobile app, you should be ready to answer questions that your users, business partners, or authorities might have about the privacy policy of your service. If you work with other businesses, you [might] need to share with them your privacy policy and make sure you abide by it”.  Extract taken from PolicyMaker.io website

Business website owners aren’t the only ones who have to comply. These website legalities apply to professional and non-professional websites.

  • A professional website is one that is used by a business, either an individual or a company. The compulsory details to be displayed will depend on the type of activity. 
  • A non-professional website is one that’s used by an individual and is not used for business. For example, a blog.   

To comply with the law all websites must display the terms relating to the use of cookies, and information relating to the use of personal data.

Trust

Apart from the risk of a fine, non-compliance could have other more serious effects. There is plenty of evidence to suggest that users will avoid interacting with a website if they think their privacy is at risk. You need to comply with the law if you want to be seen as trustworthy. 

Find more detailed info, including cookie definition and a free online policy generator at ‘Cookie Law’ and PolicyMaker.io.

Check out Top 12 Trustworthy Policy Generators. Be aware, although most claim to be free, some will apply fees depending on the type of business. 

Choose a policy that’s most relevant to your website activity, personalise it and display it prominently on your website. Enable a Cookie pop-up so it displays when visitors access your website. This allows them to accept, reject or change their preferences. Also consider adding a link to your policy on your Contact page. Prove to your customers that they can trust you.

If you have any problems with setting this up, get in touch and I will do my best to help you out. If I can’t help then I’m sure I’ll find someone that can!

 

I hope this article has been useful. The next one in the Website Legalities series will cover individual entrepreneurs exercising commercial, craft and regulated activities.

 



Small Businesses and Personal Data

What’s classed as ‘personal data’?

 

  • The obvious ones such as name, surname, initial(s), alias, home address, phone numbers, date of birth or place of birth, ID card number, credit card number and e-mail address
  • Sensitive data such as genetic and biometric data e.g. health data, face, fingerprints, retina, DNA, etc.
  • Online identifiers such as IP addresses and cookie identifiers
  • Location data such as device location history
  • Metadata related to Internet activity, i.e. browsing and search history. Also information regarding a data subject’s social media accounts and posts.

 

Note: if you process debit or credit card information, you may also be subject to PCI DSS Regulations.

And whilst we’re on the subject of Data Protection…

I want a copy of my personal data and I want it now

As a small business owner you know what personal data rights are under GDPR, don’t you, and what a data subject is?

And if one of your customers asks you to provide them with a copy of their personal data you know exactly what to do and the timescale for doing it in, correct?

 

..‘data subject’ refers to any living individual whose personal data is collected, held or processed by an organisation. Personal data is any data that can be used to identify an individual, such as a name, home address or credit card number.

(Luke Irwin, Author for IT Governance 15/11/2018)

 

 

 

 

 

People are becoming more aware of what their rights are regarding the data protection rules and are exercising these rights more frequently. They can object to advertising communications, deny access, or ask for a copy of the personal data that’s held on them.

Because individuals are becoming more aware this is also having an impact on businesses. As a business owner, even if you’re a one-man band, it’s your responsibility to understand how GDPR affects you. 

So, let’s go back to my original question.

Q. One of your customers has asked you for a copy of all the personal data you hold on them. What do you do and how long have you got to respond?

A. You have one month from the date of receiving the request to provide a copy of all their personal data. Continually asking you for a copy of their data records would be an exception, but otherwise you’re legally obliged to complete their request.

 

 


Can you spot a phishing email?

Redcar and Cleveland Borough Council have been offline for almost two weeks because of a recent cyber-attack. Although they haven’t openly stated it was caused by Ransomware*, they are having to rebuild their complete system. This is consistent with how a company would react if they did not want to have to pay out to the criminals holding them to ransom.

 

According to a report from the insurance broker Gallagher, 49% of local councils have been attacked since the start of 2017 and 37% were attacked in the first half of 2019 alone. Over that six-month period, local government experienced 263 million attacks.


5 ways to spot a malicious email

The majority of ransomware attacks begin with phishing scams, so simply knowing how to spot a malicious email will protect you from a substantial number of threats.

    • The message is sent from a public email domain
    • The domain name is misspelled
    • The email is poorly written
    • It includes suspicious attachments or links
    • The message creates a sense of urgency
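Four of these five signs can be checked mechanically, which is roughly what a mail filter does before a person ever sees the message. The sketch below is an added example, not part of the original article: the domain lists, keyword patterns and sample emails are all constructed, and the "poorly written" check is left to the reader because it does not reduce to a simple rule.

```javascript
// Added example: automated versions of four of the five checks listed above.
// Domain lists, patterns and SAMPLE_EMAILS are constructed for illustration.
const PUBLIC_DOMAINS = new Set(["gmail.com", "outlook.com", "yahoo.com", "hotmail.com"]);
const KNOWN_DOMAINS = ["paypal.com", "amazon.com", "microsoft.com"]; // firms you really deal with
const URGENCY = /\b(urgent|immediately|act now|final notice|suspended)\b/i;
const RISKY_EXT = /\.(exe|scr|js|vbs|bat|docm|xlsm|iso)$/i;
const DOMAIN_IN_TEXT = /(?:[a-z0-9-]+\.)+[a-z]{2,}/i;

// Levenshtein distance: number of single-character edits between two strings.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// "Name <user@domain>" or "user@domain" -> "domain"
function senderDomain(from) {
  const m = /@([^>\s]+)>?\s*$/.exec(from);
  return m ? m[1].toLowerCase() : "";
}

// A domain one or two edits away from a known one is a likely misspelling.
function lookalikeOf(domain) {
  if (KNOWN_DOMAINS.includes(domain)) return null;
  return KNOWN_DOMAINS.find((k) => editDistance(k, domain) <= 2) || null;
}

// Suspicious when the visible link text names one site but the link goes to another.
function linkMismatch(link) {
  const shown = DOMAIN_IN_TEXT.exec(link.text);
  if (!shown) return false;
  let target;
  try { target = new URL(link.href).hostname.toLowerCase(); } catch { return true; }
  const claimed = shown[0].toLowerCase().replace(/^www\./, "");
  return target !== claimed && !target.endsWith("." + claimed);
}

function checkEmail(msg) {
  const flags = [];
  const domain = senderDomain(msg.from);
  if (PUBLIC_DOMAINS.has(domain)) flags.push("public-domain");
  if (lookalikeOf(domain)) flags.push("lookalike-domain");
  if (msg.links.some(linkMismatch)) flags.push("link-mismatch");
  if (msg.attachments.some((name) => RISKY_EXT.test(name))) flags.push("risky-attachment");
  if (URGENCY.test(msg.subject + " " + msg.body)) flags.push("urgency");
  return flags;
}

const SAMPLE_EMAILS = [
  { from: "PayPal Support <service@paypa1.com>",
    subject: "URGENT: your account will be suspended", body: "Act now to confirm your details.",
    links: [{ text: "www.paypal.com/login", href: "http://paypal.com.verify-login.example/login" }],
    attachments: ["invoice.docm"] },
  { from: "Your Bank <yourbank.alerts@gmail.com>",
    subject: "Monthly statement", body: "Please review your statement.",
    links: [], attachments: [] },
  { from: "orders@amazon.com",
    subject: "Your order has shipped", body: "Thanks for your purchase.",
    links: [{ text: "Track your parcel", href: "https://www.amazon.com/track" }],
    attachments: ["receipt.pdf"] },
];
```

A message that raises no flags is not proven safe; the flags only tell you which messages deserve a closer look before anyone clicks.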

 

The advice in the malicious email blog shows how important it is for individuals to be able to recognise signs of phishing.

Spam filters will never be fully effective, so it’s up to you to read the context of messages. Look for anything suspicious and report it.

Remember – it could be you and your business being held to ransom.

*Ransomware is a form of malware that encrypts files and locks users out of the system. A message would then be sent informing users that to get access they have to pay a ransom.

You might also be interested in reading – blog/small-businesses-and-personal-data/


 

 

 

 
