Options and tools offered by Tilda for making sure your website is GDPR-compliant
The GDPR (General Data Protection Regulation) is the new European legislation that regulates how individuals and organizations may collect, use, and retain personal data. The GDPR goes into effect on May 25, 2018.
This guide covers some tools and options offered by Tilda that allow our users to comply with GDPR; it highlights a number of important points that you, as a Tilda website owner, should be aware of, and it also describes what Tilda is doing to comply with GDPR.
Disclaimer: This article should not be construed or relied upon as legal advice. If you have any questions, you should speak to your lawyer to find out how GDPR affects you.
Options and tools offered by Tilda
1. Cookie Consent Notification
To inform your website visitors that you are using cookies and to obtain their consent, add block T657 from the Other category to your page.
3. GDPR-friendly forms
4. Simplified Statistics Mode (Disabling cookies)
To disable cookies, go to Site Settings → Analytics&SEO → Site Statistics → Settings.
5. IP Anonymization in Google Analytics
Google Analytics provides a feature that allows website owners to request that all of their users' IP addresses be anonymized within the product. If you have connected Google Analytics and want to activate this feature, tick the box Turn on IP anonymization in the Google Analytics counter settings in your Tilda account.
To do this, go to the Site Settings → Analytics&SEO → Google Analytics → Settings.
6. Managing data retention period
By default, all data sent via data capture forms on a website is available in your account for 30 days. If you don't want to store data in your Tilda account, you can delete it. Data will be deleted immediately after it is sent to a third-party data capture service.
To do this, go to Site Settings → Forms → General forms settings → Data storage period → Don't save.
7. Deleting personal data on your user's request
If you receive a request to delete personal data from a user who sent their data via a data capture form, you can remove it in the 'Leads' section of the website. Data will be removed from your Tilda account. If you have connected third-party services, you need to delete the data there as well.
8. Configuring HTTPS on your website
All data transfers that go through Tilda are encrypted and use an SSL connection by default. However, you can configure additional secure protocols on your website by issuing a free SSL certificate.
The minimum number of steps you should take to make your website GDPR-compliant
1. Add a cookie consent notification to inform your website visitors that you are using cookies and to obtain their consent;
5. Configure HTTPS
What to do if you can't be bothered to deal with GDPR rules
You need to stop collecting personal data of EU citizens. To do this:
1. Don't use data capture forms on your website. Instead, add your contact information such as your phone number and email to your website to allow people to get in touch with you without sending their personal data.
2. Turn on Simplified Mode for statistics to avoid using cookies.
3. Disable all external statistics tools such as Google Analytics and Google Tag Manager.
What is Tilda doing to comply with GDPR?
In short, the main principles we follow are:
1. Security, confidentiality and data safety
The data you share with us is processed via a secure, encrypted connection using the HTTPS protocol. We also implement security measures designed to protect personal data, including physical, electronic and procedural measures.
2. Transparency in personal data usage
3. Right to access and manage personal data
Change, update or delete your personal information or your users' personal information at any time from your account. You may contact us at Tilda to help you edit or change this information.
4. Right to move data
Obtain and reuse your personal information or your users' personal information with other services or providers at any time from your account. You may contact us at Tilda to help you transfer this information.
5. Right to be forgotten
You can delete the data you share with us as well as your users' data from your account. You can also delete your account at any time. You may send us a request to delete data, which we undertake to process within a reasonable time.