Please, enter a valid email!
00 days
00 hours
00 minutes
00 seconds

For Web Developers’ Notice: EU GDPR Brings End of the Era of Digital Feudalism

Forewarned is forearmed.

The whole digital world is on the threshold of great changes.

Starting from May 25, 2018, the major updates to the EU data protection rules will come into operation, meaning that everyone working with the clients and asking them to share some sort of personal information in return for specific products, services, or actions should get ready for the new digital privacy terms and regulations.

The modern-day web community has become extremely vulnerable. Sometimes it seems that Google and Facebook know about us, our preferences and behavior more than do our family and friends. Each time we install a new app on our smart devices, we are asked for the permission to access our location/gallery/contacts, etc.

Whenever we register on social media platforms or sign up on a website, we are asked to enter our personal details. And what happens to this data after we click the register button and agree to the privacy terms and conditions? By the way, how often do you read those endless pieces of data?

You never know at what point your personal data can be stolen or sold. In order to put an end to the digital feudalism and keep the users’ private data protected, EU releases stronger rules on the data protection.

What we are going to discuss in this post is the General Data Protection Regulation that will go into effect on May 25.

GDPR is a set of laws that are being enacted by the European Union but impacts everyone who is outside the EU. The set of regulations deals with the digital data and the way it’s being managed in the online world. If you are a web developer, designer, or just building web templates, then make yourself comfortable and keep reading further. The following information is just for you.


What is GDPR

This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.

This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.

The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.

Art. 1  Subject-matter and objectives

The EU data protection and privacy overhaul come in two major parts:

  1. GDPR is the modernized replacement of the Data Protection Derivative that was presented back in 1995. All of the principles of the latter are kept in the General Data Protection Regulation, with the addition of new requirements that reflect the changes of the modern-day digital era.
  2. The second part is the revamped ePrivacy Directive of 2002, better known as the cookie law. Originally, ePD was planned to go live on May 25, alongside with GDPR. However, it is still in draft negotiations. The document is expected to be finalized in late autumn - early winter 2018.

The delays of the ePD release may be a good thing for developers who can get ready for the upcoming changes and narrow scope of the ePD quite easily when the time comes.

Territorial Scope

Although we are talking about the EU regulations, you shouldn’t necessarily be located in the European Union in order to get ready to bring the respective changes to the way you treat your customer’s digital privacy.

  1. This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.
  2. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
    • the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
    • the monitoring of their behaviour as far as their behaviour takes place within the Union.
  3. This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.

Art. 3 - Territorial Scope

This means that if you do business in Europe or simply collect data on the European users, then you should protect their personal data in the full accordance with the revamped regulations. The regulations apply to all businesses regardless of their size, location, and financial turnover. If a business is not ready to accept the changes, then it should not work with the EU clients.

Personal Data vs Personality Identifiable Information

gdpr rules

The European term “personal data” is different from it US equivalent “personality identifiable information”. Here is the reason why.

As per the European regulations, personal data refers to any data related to the identified or identifiable natural person. This can be literally everything - a piece of data or a number of data points that are combined together to create a record about a person. In the EU, personal data contains a “sub-category” of the sensitive personal data, which refers to:

  • Racial or ethnic origin.
  • Political opinions.
  • Religious or philosophical beliefs.
  • Trade union membership.
  • Health data.
  • Sex life or sexual orientation, etc.

Sensitive personal data should be protected better than the regular personal data. The leakage of the sensitive personal data will result in the greater consequences.

support Ukraine

GDPR provides an expanded meaning of the ”personal data” term, which includes:

  • Genetic data
  • Biometric data (such as facial recognition or fingerprint logins)
  • Location data
  • Pseudonymized data
  • Online identifiers

Online identifiers include the terms like IP addresses, cookies, user account IDs, mobile devices ID, and other forms of the system-generated, which are especially important for web designers and developers.

The American “personally identifiable information” pertains a more limited set of characteristics compared to the EU’s GDPR.

Unlike the latter, the personally identifiable information doesn’t see personal information as contextual, which grows the risks of the data leakage.

Controller vs Processor

When one possesses personal data, the EU’s GDPR defines two main parties - data controllers and data processors.

  • A controller is a person or an organization that decides what data is collected and how it’s used.
  • As a data processor, a person or an entity processes the data on behalf of the controller.

As a web designer or a web developer, you can possess both roles.

As a processor, you cannot engage another processor without the prior written authorization of the controller. The relationships between the data controller and data processor are regulated by the written agreement, according to which the data processor should:

  • processes the personal data only on documented instructions from the controller, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by Union or Member State law to which the processor is subject;
  • ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
  • taking into account the nature of the processing, assists the controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the controller’s obligation to respond to requests for exercising the data subject’s rights;
  • at the choice of the controller, deletes or returns all the personal data to the controller after the end of the provision of services relating to processing, and deletes existing copies unless Union or Member State law requires storage of the personal data;
  • makes available to the controller all information necessary to demonstrate compliance with the obligations laid down in this Article and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller.

Art. 28 - Processor

How to Develop for GDPR

With all that being said, the logical question is how should web designers and developers work with the clients starting from May 25?

EU’s GDPR will affect the way you work online. This includes both business planning and running the major business processes. To be more specific, it touches upon UX, marketing, project management terms, and the web development itself.

When you start working for GDPR, the first and the fundamental document that you need to take care of is the Privacy Impact Assessment, i.e. a written document that must be made accessible to everyone involved in the project. This is a place where you specify the discuss, audit, and specify the privacy risks that are inherent in the data that you possess.

When it comes to working for GDPR, you should have a written documentation where a client and a web designer can find the regulations, terms, and requirements on how every party should behave in the event of a privacy concern.

The PIA should make it clear:

  • How and what kind of the personal data is processed and retained?
  • Where and how is the data stored?
  • For how long is the personal data stored?
  • Is the data collection and processing specified, explicit, and legitimate?
  • What is the basis of the consent for the data processing?
  • If not based on consent, what is the legal basis for the data processing?
  • Is the data minimized to what is explicitly required?
  • Is the data accurate and kept up to date?
  • How are users informed about the data processing?
  • What controls do users have over data collection and retention?
  • Is the data:
    • encrypted?
    • anonymized or pseudonymized?
    • backed up?
  • What are the technical and security measures at the host location?
  • Who has access to the data?
  • What data protection training have those individuals received?
  • What security measures do those individuals work with?
  • What data breach notification and alert procedures are in place?
  • What procedures are in place for government requests?
  • How does the data subject exercise their:
    • access rights?
    • right to data portability?
    • rights to erasure and the right to be forgotten?
    • right to restrict and object?
  • Are the obligations of all data processors, including subcontractors, covered by a contract?
    If the data is transferred outside the European Union, what are the protective measures and safeguards?
    What are the risks to the data subjects if the data is:
    • misused, mis-accessed, or breached?
    • modified?
    • lost?
  • What are the main sources of risk?
    What steps have been taken to mitigate those risks?

Working for GDPR is not only about the code and design. This also suggests that everyone who is involved in the specific project is aware of the legal background of their profession and knows the regional/local/national privacy laws.

In the perfect scenario, companies should educate their teams. There should be a documented proof that the web designer or web developer has passed the respective training.

How to Design

web design GIF

Design requirements are an integral part of the GDPR-oriented projects.

There two focal principles that you need to keep in mind at this stage are anonymization and minimization, both on the back end and front end. Do not link personal data with other sets stored in a single location.

According to GDPR, you need to specify the data retention and deletion schedules. Still, you do not need to delete everything once you finish working on the project. You are allowed to keep the purchasing for tax and income audit. When such data is no longer needed, make sure that it is removed from your archives and the third-party services like cloud storage.

Additionally, hide the personal data from the unexpected user attacks. The personal data shouldn’t be accessible in the plain view in either back-end or front-end. It should be encrypted in both the transit and rest.

How to Code?

web development GIF

In order to code as per the GDPR requirements, make sure that everyone who is involved in your project uses a specific set of code libraries, tools, and frameworks, all of which are documented on the list of the approved standards and methodologies for coding and testing. The tools and techniques that you are allowed to use while you create the code are not specified in the GDPR.

The thing that is important in that you need to specify and agree upon such tools that you will use in your work in the written document. The list can be modified later on. Just make play certain that everyone from the project is informed, and the respective changes are documented.

It goes without saying that the coding tools you choose for work should be safe and provided by the reliable third-party libraries.

How to Run Privacy Tests

test GIF

Working for GDPR means adding privacy by design and testing to the digital projects. The privacy tests should predict and foresee the possible hacking attacks, unauthorized data access, and the general security vulnerability.

When it comes to privacy testing, you should be really creative. Are the user passwords secure enough? Is the login data stored in cookies? Is it possible to access the data by triggering the error action intentionally? Did you mind the external alerts while running the privacy testing? Most importantly, did you document it? All of your testing efforts will be useless unless there is a living document confirming your actions.

Final Words

Working for GDPR, you need to be more specific about the terms and conditions of accessing and using personal data. You should be more thoughtful about the possible issues that you may face as well as have every step that you take documented clearly.

Be more transparent to your clients. Write the privacy terms in the common language. By the way, the “less is more” rule is perfectly suited to the terms and conditions page of your project. Do not make the users spend hours to get your message. Highlight the essentials and make it easy-to-follow. This grows the chances that the users will read when you’ve written instead of simply scrolling down to the “agree” button.

Katherine Crayon

copywriter reporting on tech news and all aspects of the web design industry. Anyone looking for more inspirational posts, tips and advice or simply the latest industry news, meet her in person on Quora and Twitter.

Get more to your email

Subscribe to our newsletter and access exclusive content and offers available only to MonsterPost subscribers.

From was successfully send!
Server error. Please, try again later.

5 responses to “For Web Developers’ Notice: EU GDPR Brings End of the Era of Digital Feudalism”

  1. Xwnapb says:

    imitrex online – order imitrex 50mg pills buy sumatriptan 50mg generic

  2. Cameronheimi says:

    amoxicillin without a doctor’s prescription discount prescription drugs

  3. ChesterJat says: п»їorder stromectol online

  4. Jonathontgk says:

    Check Latest News on Hindi tv shows

    I see all the winner personality in Pratik Sehajpal, Says Karan Nath who was component of BBOTT last year03:23Maddam Sir Gulki Joshi on play Urmila: it could fun, Hasee.01:27Kapil Sharma biopic to Umar Riaz on comments about his prof.03:56Bharti Singh on working while pregnant: I get adorned on.10:06Krushna Abhishek telephone TKSS team ‘doctors’; We amused v.11:54Fans answer Karanvir Sharma favourites Exclusive15:47Mohd Danish meet: We prized teasing Arunita Kanjilal a.02:51Bhabi Ji Ghar level Hai! Actor Saanand Verma references his r.

    Esha Kansara tests affirmative for second time

    TV video / photo FeatureRubina Dilaik to Shweta Tiwari; TV actresses who asiame review dealt with depression post their heartbreaks and came out stronger

    A backup plan’s a must: Juhi Singh Bajwa

    videos CelebsAmit Tandon: ‘Goodnight India’ to restore old school comedy on TV

    I feel blessed to have a holistic and encouraging mother in law, is marked Neha Marda

    TV picture / video InterviewsExclusive Mithun Chakraborty: My hotel business was badly affected the particular lockdown; ended up days when we couldn’.

    TV CelebsBride to be Mansi Srivastava dances her heart out at sangeet ceremony together with her bride squad; Surbhi Chandna, Shrenu Parikh.

    TV CelebsSheena Bajaj uploads an adorable reel with Rohit Purohit on their third marriage anniversary; seem

    truthfulness TVBigg Boss 15: Bharti Singh asks Salman Khan to try judging shows on tv; the second jokes tak ke judge bana nahi hoon, j.

    I have been without doubt respected contestants on Bigg Boss: Rahul Dev

    I unhappy that I couldn go back to Bigg Boss due to COVID: Vishal Kotian

    TV CelebsNia Sharma features some tough pole dancing moves leaving fans stunned; Writes ‘It’s like signing your own private death warrant.

  5. Louisvgy says:

    When a remote man is desperate to make hen feet and pig’s blood a customary piece of his eating regimen since he’s hitched to a Chinese language lady, is that this unequivocal verification of his duty to the connection and his adoration for her? For the individuals who take the convictions, both empowering and conventional joined to their nourishment inclinations and practices throughout actually, the appropriate response isn’t any. A remote man ought to genuinely think about his sustenance inclinations. In the occasion that the surface man does not think about his vital other’s cooking as well as most customary Chinese admission, they need to settle this concern of sustenance inclinations right off the bat in the relationship. Here’s the thing about going to a velocity relationship occasion. The guardians might feel more secure within the occasion that any individual within the system can give you a affirmation to you that your tyke is with any individual you’ll be able to trust. The guardians could have a way of security on the off likelihood that somebody can vouch for the system is dependent upon the person your child.

    People in these positions are presently concerned and journey so much that gathering the proper individual is practically incomprehensible every time left to circumstance. China identical to another Asian societies, for instance, Japan might be somewhere down in customs and can appear to have intercourse from time to time a sink or swim circumstance. Speed courting works by permitting every participant 8 minutes to find out if both of you want each other earlier than you progress on to the subsequent particular person. In any case, Chinese dating sites are brimming with youthful more and more present-day thinking single Chinese language ladies prepared to strive. There is still some degree of conservatism; in any case, more open doors result in more prominent inevitable matchmaking and success. One of the extra oft-rehashed cites about adoration is about the man’s stomach is the route to his coronary heart. So on the off probability that you’ll want to locate a customary Chinese language lady for adoration and marriage, it’s conceivable, but perhaps in the end you had been persuaded that the street you should go is the mail request lady of the hour. Numerous narrative proof recommends, in any case, that dissimilarities in sustenance tastes are one in every of solely a handful couple of zones of many culturally numerous connections where an out of doors man and a Chinese lady ought to just need to settle on a truce.

    In any case, the Chinese language lady is as but widely acclaimed for her humility and consideration. In sure pieces of China, Chinese dating administrations play out an obligation as an middleman to help affiliate star-crossed couples. Chinese dating websites can enable you to discover, magnificent Chinese Dating accomplices to flavor up your present web-primarily based relationship world, and is a custom of regard just as respect. This is an outdated customized with one other contort, which proves to be helpful when one of the potential accomplices is modest. I wasn’t one to hurry into anything, and that i made that very clear early on. Answering questions such because the one mentioned above help with that. It’s above a Chinese dating site. Boundless internet access just as younger life makes the web-primarily based dating scene how to tell if a chinese girl likes you in China an excellent spot to locate an inexpensive accomplice for courting and marriage. It is feasible that they have always adored the customary nourishments of China from the earliest place to begin (which is from time to time the case) or their taste buds figure out how to adjust to the uncommon flavors and surfaces (which moreover occurs seldom) for the wedding and even out of affection. With new web innovation, quite a few sorts of courting sites are leaping up, Chinese dating worldwide is starting to vary its preservationist heart to one thing progressively current day.

    Reducing-edge communication tools. Such features as dwell chat, video calls, voice messages, and digital gifts will make dating Vietnamese mail order brides pleasurable and snug. Mail order brides are reliable alone ladies, who’re in search of love. Those who seem like high-models have plenty of alternative in their own japanese country, so believe us after we say that the overwhelming majority of them don’t wish to become your spouse. It’s possible you’ll like being with a younger man, however you might not like that younger man’s immature buddies. Gyms being closed for therefore lengthy additionally hurt fitness routines. Courting web sites all day long. It’s as yet conceivable thus far in a customary approach, and a few Chinese young ladies are as but relationship men chosen by their households and want to keep this system for family creation. The amount he is eager to revamp his eating regimen when making lengthy haul preparations about wedding ceremony a Chinese language lady. Chinese web-based courting is as but a typically new marvel, yet is developing at a fast pace as a better amount of the peripheral areas come on-line with the rapid internet.

Leave a Reply

Your email address will not be published. Required fields are marked *