Are you looking for a way to make your website compliant with regulations without having to spend hours understanding complex articles or tutorials on GDPR? You're in the right place!

In this article, we will discuss the importance of GDPR for websites, why it is crucial to be compliant, and the risks you face if you ignore compliance.

We’ll also explain the key features of Avacy that will make your website fully compliant, in an easy and intuitive way.

 

Why is GDPR so important for a website?

In 2024, we face a concerning reality: a large majority of websites still do not fully comply with the regulations imposed by the General Data Protection Regulation (GDPR).

But what exactly does this situation mean? Going back to 2018, when privacy regulations underwent significant changes, data controllers, including those managing websites or online platforms, were called on to take a proactive approach to user privacy.

 

What was GDPR created for?

GDPR was created to:

      1. Unify regulations across the EU: Before GDPR, each European country had its own privacy rules. GDPR standardized these laws for all businesses operating within the EU, making the regulatory landscape simpler.

      1. Impose strict penalties: Companies that fail to comply with GDPR can face fines of up to 4% of their annual global turnover or 20 million euros, whichever is higher.

    It has therefore become mandatory to clearly and unequivocally disclose how personal data is used.

    For example, if a website wants to use personal data for advertising purposes, explicit consent must be obtained, and users must also be offered the option to refuse such use.

    Many websites still lack a clear option to reject cookies, an option that would effectively prevent the profiling needed to provide targeted advertising, and this reflects widespread non-compliance.

     

    Risks of non-compliance

    Ignoring the GDPR means breaking the law, and this carries significant risks:

        1. Financial penalties: As already mentioned, non-compliance fines can be severe.

        1. Reputation damage: A company that fails to protect customer data adequately can suffer serious reputational harm, which can negatively affect trust and customer loyalty.

        1. Loss of customers: Consumers are increasingly aware of their rights regarding personal data. A violation can lead to the loss of customers who seek companies that prioritize transparency and data security.
       

      What does it mean to have a compliant website today?

      Having a compliant website means implementing a cookie banner that clearly and unequivocally describes what data is collected and how it is used.

       

      Avacy Cookie Banner

       

      Compliance, however, goes beyond just installing a cookie banner. It requires a thorough understanding and serious implementation of privacy laws, often requiring legal intervention to navigate the complex bureaucratic and legal details.

      Preparing appropriate forms and managing the required documentation can be a costly process, which is why many companies choose to delegate these responsibilities to specialists or third parties.

      Making a website compliant is therefore a significant investment in terms of time, resources, and effort, reflecting the importance of protecting users' rights and privacy in an increasingly connected digital age.

       

      What is Avacy and why is it essential for your site's compliance?

      Avacy is a consent management platform designed to automate the fundamental processes required for your website’s compliance.

      Among its key functions, it generates privacy and cookie policies that are truly compliant, manages visible cookie banners on your site, and stores user consents. This last feature is crucial for having tangible proof of user consent, especially in the case of legal disputes.

      The goal is to simplify and automate these processes, reducing the risk of errors and ensuring compliance with current regulations.

      Avacy is committed to offering an updated and user-friendly platform, ensuring that users remain in line with the laws in a simple and effective way.

      Moreover, Avacy CMP stands out in the market as a competitive platform, focusing not only on offering favorable pricing but also on the quality of the user experience.

       



       

      Guide to Making Your Website Compliant with Avacy

      Registration

      Avacy offers an intuitive registration interface where you just need to enter your personal details such as name, surname, email, date of birth, set a password, and accept the terms and conditions.

      Avacy registration interface

      After registration, you’ll receive a verification email to allow immediate access to the platform and team creation.

      Team Creation

      A team in Avacy is a group dedicated to managing users and websites within the platform. Through teams, you can add or remove users, define their permissions, and assign granular authorizations to limit access to specific parts of the data.

       

      Team creation interface in Avacy

      Within a team, you can view and manage all the websites under your responsibility.

      For example, if you’re a marketing agency managing multiple online platforms, you can create a team for each client and include the websites you manage for each of them.

      This allows you to effectively manage all aspects related to the cookie banner, privacy policies, and more for each website.

      Choosing the Plan

      After creating the team, the next step is selecting the plan.

      Avacy subscription plan selection

      The annual plan includes the ability to choose a package of websites to manage. For example, if you are an agency managing 25 websites, there’s a dedicated package with the corresponding pricing.

      Once you select the plan, you can add the web spaces to the created team.

      Creating Web Space

      A web space is essentially a synonym for a website. These are the websites managed within the platform. If you're an agency managing two websites, you will see both web spaces listed in Avacy, with a dedicated dashboard for each.

      Creating a web space in Avacy

      Within each individual web space, you will have access to all functionalities related to managing the cookie banner, configuring the privacy and cookie policy documents, consent storage, and other crucial information.

      Avacy interface

      You’ll also be able to see the number of active cookies and detected providers on your website, manage languages if the site is multilingual, and get an overview of the scans performed on the site.

      How to set up a website

      Let's get to the point: let's see together how to set up a website on Avacy!

      The Avacy configuration screen includes a wizard that breaks down into 4 steps:

      First step

      Configuring a web space with Avacy, step 1

      This part is dedicated to the website you want to configure on Avacy. Enter the domain of the site and, if necessary, you can add third-level domains by selecting the option “Do you have third-level domains to add?”. You will also have the option to set up periodic scans to give you a constant overview of the cookies installed on your site.

      This feature is especially useful for frequently updated sites or those using platforms like WordPress, where the installation of new plugins might add new cookies without direct control.

      You can also select the desired languages. Avacy supports multilingual websites, currently offering support for the major European languages and continuously adding new languages to the list.

      Second step

      Configuring a web space with Avacy, step 2

      This screen is about the data of the data controller, an optional but crucial step to ensure regulatory compliance.

      If you don’t immediately have all the data for the data controller, you can insert them later.

      However, it’s important to provide this information as it will appear in the privacy policy document, where you clearly state who is responsible for managing the data collected from users visiting your site.

      Among the optional data, there is the possibility to enter the email of the DPO (Data Protection Officer). If you are using a DPO for data management, you can directly enter their email here.

      Third step

      Configuring a web space with Avacy, step 3

      At this point, a preliminary scan of the site will be performed. The duration of the scan may vary depending on the size of the website. This tool is essential because it automates several steps, such as identifying the providers operating on the site and the cookies installed.

      However, it's important to understand that the scan might not be 100% accurate. This is not an issue specific to Avacy, but is common to all CMPs (Consent Management Platforms). It is difficult to accurately detect all cookies and technologies on a website due to the complexity of how they are installed.

      Nevertheless, the scan greatly simplifies the work, even though it is not always possible to detect all the information related to websites.

      Once the scan is complete, a preliminary list of detected vendors on the site will be displayed, such as Google, Cloudflare (hosting service), LinkedIn, and Stripe, along with the associated cookies.

      By adding these vendors, you declare which cookies are associated with each of them.

      However, it's important to note that the scan might not detect all vendors. In that case, if we are aware of any vendors that need to be included, we can do so manually by activating the individual vendor of interest.

      For example, we might notice that the crawler didn’t visit the cart page, where a Facebook event is triggered when an item is added to the cart. In this case, we can manually activate the Facebook vendor and associate the corresponding cookies.

      Selecting providers with Avacy

      Fourth Step

      Configuring a web space with Avacy, step 4

      After entering the providers and cookies in the list, you can proceed with integrating the cookie banner on the website. This banner can be integrated in several ways:

        1. Through HTML code: you can use a script or HTML code to be installed in the header of the webpage. This method is compatible with various technologies, including WordPress.

        1. WordPress: a WordPress plugin is currently under development to simplify the integration of the cookie banner and the preventive blocking of tracking technologies on the site.

        1. Google Tag Manager: if you use Google Tag Manager, Avacy also supports version 2 of the Consent Mode, which has recently become mandatory for sites using Google Analytics and similar services.

      Once the cookie banner is integrated and the initial configuration of the website is completed, there are still some options to check.

      You can generate the Privacy Policy and Cookie Policy based on the information collected during the setup. You can also modify the list of cookies and vendors, adding or changing entries as needed. Additionally, you can customize the cookie banner, changing the colors or text according to your preferences.

      Generation of the Privacy Policy

      The privacy policy is structured through an interface that presents a series of questions related to the nature of your website.

      You can indicate whether the site is an e-commerce, uses contact forms, performs certain types of tracking, collects geolocation data, or handles sensitive data, and so on.

      Once the questions are answered, a document is generated containing all the corresponding clauses.

      This document can be integrated into the website in various ways: for example, you can obtain a direct link to include the privacy policy on a specific page or insert it into a pop-up window for greater accessibility.

      The integration of the privacy policy is highly flexible and can be adapted to the specific needs of each website owner.

      Privacy policies can be generated in different languages. If you want an English version, simply select the "English" option and follow the steps to generate the document.

      Additionally, there are other customizable options within the privacy policy, such as the retention period of personal data. All data presented has been legally validated, ensuring that the generated document fully complies with current regulations.

      Generating the privacy policy with Avacy

      Cookie policy

      The cookie policy is a more static text as it essentially serves to declare the use of cookies on the website. It must specify which cookies are used, both for profiling and for technical purposes, and explain to users how to disable them in their browser.

      All this information is already included in the document generated automatically, ensuring full coverage.

      The part that may require a review is the section regarding the lists of cookies and providers. These sections provide an overview of the providers and third parties used for tracking on the site, as well as the technical cookies installed.

      Cookie Configuration

      Cookies are divided into technical cookies and profiling cookies.

       

      Technical cookies

      Technical cookies are essential for the functioning of the website and cannot be refused by the user. Disabling technical cookies may compromise the proper functioning of the site.

      These cookies are not subject to blocking by the Data Protection Authority and are necessary solely for the operation of the site, without any profiling or data collection purposes from users.

       

      Profiling cookies

      Profiling cookies, on the other hand, can be provided both by you and by third parties such as Google Analytics, Google Ads, and Facebook Pixel.

      These cookies collect data from users and are used for marketing and advertising purposes. It is crucial to have a clear overview of the third parties operating on the site and the cookies they provide, to understand whether they are functional or technical cookies, not subject to GDPR restrictions, or if they are profiling cookies, which must be declared in the cookie policy.

      Cookie List

      Changes made to the cookie list are automatically reflected in the cookie policy.

      Any modification, saving, or addition of cookies to the list is automatically updated in the cookie policy, ensuring precise and up-to-date management of the cookies present on the site.

       

      Cookie list

      Let’s take the YSC cookie as an example: this is commonly associated with YouTube, but nothing prevents a website owner from developing a cookie called YSC that is not linked to YouTube.

      It’s important to understand that, while in most cases cookies are correctly associated with providers, there is always a small margin of error.

      In some cases, it might happen that a cookie called YSC is not linked to YouTube but is instead a cookie developed internally by the website owner. This depends on how the website was developed and managed.

      So, while cookie scanning and provider association are usually accurate, exceptions may occur.
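The YSC case above, as an added example (not Avacy's code): a scan result is matched on cookie name and on the domain that set it, so a same-named in-house cookie lands in a manual review queue instead of being attributed to YouTube. The catalogue, the `shop.example` site and the function names are assumptions made for illustration.

```javascript
// Constructed catalogue: cookie name -> provider and the domains it sets the cookie from.
const CATALOGUE = new Map([
  ["YSC", { provider: "YouTube", domains: ["youtube.com"] }],
  ["VISITOR_INFO1_LIVE", { provider: "YouTube", domains: ["youtube.com"] }],
]);

// True when `host` is `domain` itself or one of its subdomains.
// Matching on a dot boundary keeps "notyoutube.com" from passing as "youtube.com".
function domainMatches(host, domain) {
  const h = host.replace(/^\./, "").toLowerCase();
  const d = domain.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Classify one scanned cookie of the form { name, domain }.
//   confirmed    : name and setting domain both match the catalogue
//   needs-review : name matches but the domain does not (possible in-house cookie)
//   unknown      : name is not in the catalogue at all
function classifyCookie(cookie) {
  const entry = CATALOGUE.get(cookie.name);
  if (!entry) return { ...cookie, provider: null, status: "unknown" };
  const confirmed = entry.domains.some((d) => domainMatches(cookie.domain, d));
  return {
    ...cookie,
    provider: confirmed ? entry.provider : null,
    status: confirmed ? "confirmed" : "needs-review",
  };
}

// Cookies that a person should look at before the cookie list is published.
function reviewQueue(cookies) {
  return cookies.map(classifyCookie).filter((c) => c.status !== "confirmed");
}

// Constructed scan output for a hypothetical site, shop.example.
const scanned = [
  { name: "YSC", domain: ".youtube.com" },   // set by the embedded player
  { name: "YSC", domain: "shop.example" },   // same name, set by the site itself
  { name: "YSC", domain: "notyoutube.com" }, // look-alike domain
  { name: "cart_id", domain: "shop.example" },
];

console.log(reviewQueue(scanned));
```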

      List of Providers

      This list must appear in the cookie preferences panel of the cookie banner. In the providers panel, you can add a new provider by clicking "Add new provider" at the top right.

      List of Providers

      It is possible to enter the provider's name and other related data. Additionally, providers can be added from the list of frequent providers, or their details can be modified to include extra information, such as a description for users.

      If the provider list is linked to the cookie policy, it can also be included in the privacy policy, although this option is not mandatory.

      However, it is an important piece of data for understanding the site's situation and for future updates in case of changes or additions of new providers or cookies.

      Once the provider list is saved and published, it is displayed in the site’s cookie banner.

      Customize the Cookie Banner

      In this section, we can view a preview of the cookie banner and see which third parties are actually listed in the cookie preferences panel of the banner.

      Customizing the cookie banner with Avacy

      This is crucial from a GDPR perspective, as users must be clearly informed about the providers to whom their data will be sent if they choose to accept the cookies.

      Therefore, the section related to the list of providers is vital, as the cookie banner serves as the site's privacy calling card.

      Next, we move on to the aesthetic customization of the cookie banner. We can choose the position, add a logo for branding, and modify texts, colors, and fonts. The texts are already GDPR-compliant, but they can be modified if necessary.

      The banner is available in multiple languages, configurable based on the language of the site.

      Customizing the cookie banner texts with Avacy

      Regarding the text in the cookie banner preferences, it is advisable to customize them with the assistance of a legal professional to ensure the accuracy of the information and compliance with regulations.

      Among the advanced settings, there is support for Google Consent Mode, which allows enabling the purposes related to this mode in the cookie banner.

      These purposes are linked to Google's consent indicators and are explained in Avacy's documentation, which also provides technical details on site configuration and banner customizations.
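How banner purposes relate to Google's consent indicators, as an added example that is not taken from Avacy's documentation: every Consent Mode v2 signal starts as denied, and only an explicit choice in the banner grants the signals tied to that purpose. The purpose names `marketing` and `analytics` and the `onBannerSaved` hook are hypothetical; the `gtag('consent', ...)` calls and signal names are Google's.

```javascript
// In a browser these two lines are part of Google's standard tag snippet.
const dataLayer = (globalThis.dataLayer = globalThis.dataLayer || []);
function gtag() { dataLayer.push(arguments); }

// The four consent signals used by Consent Mode v2.
const SIGNALS = ["ad_storage", "ad_user_data", "ad_personalization", "analytics_storage"];

// Hypothetical banner purposes mapped to the signals they control.
const PURPOSE_TO_SIGNALS = {
  marketing: ["ad_storage", "ad_user_data", "ad_personalization"],
  analytics: ["analytics_storage"],
};

// Everything denied: the state that must be in place before any Google tag runs.
function defaultConsent() {
  return Object.fromEntries(SIGNALS.map((s) => [s, "denied"]));
}

// Translate the user's banner choices into a full consent state.
// Only a literal `true` grants; a missing or malformed value stays denied.
function consentFromChoices(choices) {
  const state = defaultConsent();
  for (const [purpose, signals] of Object.entries(PURPOSE_TO_SIGNALS)) {
    if (choices[purpose] === true) {
      for (const s of signals) state[s] = "granted";
    }
  }
  return state;
}

// 1. Page load: declare the denied default first.
gtag("consent", "default", defaultConsent());

// 2. Hypothetical hook called when the user saves their preferences in the banner.
function onBannerSaved(choices) {
  const state = consentFromChoices(choices);
  gtag("consent", "update", state);
  return state;
}
```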

      Additionally, Avacy's documentation offers a comprehensive guide on how to integrate and configure the banner on your site, providing details on various features and advanced settings, as well as step-by-step instructions on how to execute the desired customizations.

      Consent archive

      The Data Protection Authority (Garante della Privacy) has emphasized the importance for agencies to maintain a consent archive, but has not specified in detail how this data should be collected.

      The fundamental principle is to collect only the minimum necessary: for example, if a user enters their email in a contact form for a newsletter, the consent archive stores the "proof" that the user has consented to the processing of their personal data.

      However, the Garante has not provided precise limits on what data can be collected or whether there are restrictions on uniquely identifying users. If an agency decides to collect additional data that allows for more precise identification of the user, it could cross a legal line.

      It is important to understand that this is a sensitive area, and contrary to what many suggest, simply purchasing a solution does not automatically guarantee protection. Even though various consent platforms may try to create fear by presenting the consent archive as the sole remedy to avoid fines, it is crucial to know that even with a fully compliant consent archive, you are not immune to potential challenges. To avoid this, it is essential that each tool is configured correctly based on the specific case and data of the individual website.

      Conclusion

      Now that you have access to all the necessary tools, we invite you to register on Avacy and start the process of adapting your site to privacy regulations!

      If you want more detailed insights, we recommend watching the webinar below!

      For any questions or doubts, feel free to contact us.