We have been working hard to ensure the REC platform complies with the General Data Protection Regulation (GDPR) which comes into force on 25th May 2018. This is a heads up about the changes we will be releasing next Tuesday 24th April which will enable you to take many of the necessary steps to ensure you are compliant.
New Cookie Message
A newly-worded cookie message and layout will be displayed to first-time visitors in place of the existing message. The new message will inherit the colour schemes of your site if you have adapted it.
New Cookie Pop-up (for responsive design websites)
When the Cookie Settings link is cliked it will fire up a modal window giving the visitor the ability to manage which cookies they wish to allow, as required under GDPR. A version of this will be made available for non-responsive websites at a later date.
Positive Opt-in Consent For Newsletters / Email Campaigns
The system will cater for positive opt-in consent to newsletters where the individual will have to tick a box to be added as a newsletter subscriber, rather than it being pre-ticked for them.
Re-permissioning For Email Campaigns
A re-permissioning process has been defined to include a program for bulk unsubscribes and a new "Subscribe" field which can be added to email templates to allow people to opt-in to future marketing emails.
Form Data Collection Tips
This enables you to add some explainer text on form fields to explain why you wish to collect that particular data.
Users Can See Their Form Submissions
Users will be able to see what forms they submitted on your site when they log in to their User Home page.
The audit log will keep a record of when users are added to the system and when there are changes to their newsletter subscription, status, level and group. This will help administrators to see what has happened historically as part of complying with individuals' rights to restrict processing or to be forgotten.
What Will You Have To Do?
We will be providing guidance on the steps you need to take to use these new features when the release is made available next week.
There will be further releases before the 25th May which are more targeted towards alerts and notifications when administrators access private data. This is part of extending the perimeter for data breach detection because many data breaches originate from inside a company rather than being external website hacks.