Looking for a free or low cost GDPR solution that actually meets regulatory requirements.

Has anyone found a free or low-cost GDPR-compliance solution that works with a small Squarespace site, that is actually compliant with GDPR legal requirements?

After spending the afternoon reading, it doesn't appear that the [cookie banner] GDPR solution that Squarespace makes available to its own customers is compliant. Interestingly, it is also not the one they use for their own corporate website(s). 

A cookie banner alone does not meet GDPR requirements. There must be valid, documented, reversible and renewable consent. Consent must be obtained prior to processing, and be transparent and customizable by the site visitor (i.e. necessary cookies, other cookies listed by type). Someone who gave consent must be able to revoke consent. "Documentation" means a secure consent repository/database so that we, as site operators, can provide proof that consent was obtained. The database needs to store a record of each user's consent, including how they consented, exactly what they consented to, and the date/time they gave their consent.  

Another issue is that a GDPR-compliant site's privacy policy needs to be transparent. Something as basic as the data collected on a Squarespace form - where and how is it stored and processed? If someone who submitted a form wants their data deleted - how does one do that? 

Since I am not an expert in GDPR, there may be other requirements that I missed. My "solution" for the past 3 years has been to turn off all cookies and explicitly state that the site is not intended for site visitors from the EU. This goes against the purpose of the website, and is not a satisfactory solution by any measure.

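Added example, not part of the original post and not Squarespace's or any consent vendor's code: a minimal append-only consent log of the kind the post above describes, recording how consent was given, what was consented to and when, with revocation, a renewal window and a hash chain so stored records can be checked for alteration. The class, field names and the 365-day renewal window are assumptions for illustration.

```javascript
// Added example: append-only consent log (all names are hypothetical).
const { createHash } = require("crypto");

const RENEW_AFTER_MS = 365 * 24 * 3600 * 1000; // assumed renewal window, not a legal value
const digest = (body) => createHash("sha256").update(JSON.stringify(body)).digest("hex");

class ConsentLedger {
  constructor() { this.entries = []; }

  // Append a grant or a revocation; earlier entries are never modified.
  // visitorId should be a random pseudonymous ID, not an e-mail address or IP.
  record(visitorId, action, categories, method, policyVersion, when = new Date()) {
    if (!["grant", "revoke"].includes(action)) throw new Error("bad action");
    const prevHash = this.entries.length ? this.entries[this.entries.length - 1].hash : "";
    const body = { visitorId, action, categories: [...categories].sort(), method,
                   policyVersion, at: when.toISOString(), prevHash };
    const entry = Object.freeze({ ...body, hash: digest(body) });
    this.entries.push(entry);
    return entry;
  }

  // Categories the visitor consents to at time `now`. "necessary" is always on;
  // every other category needs a grant that is neither revoked nor stale.
  active(visitorId, now = new Date()) {
    const state = new Map();
    for (const e of this.entries) {
      if (e.visitorId !== visitorId || new Date(e.at) > now) continue;
      for (const c of e.categories) {
        if (e.action === "grant") state.set(c, new Date(e.at));
        else state.delete(c);
      }
    }
    const live = [...state].filter(([, at]) => now - at < RENEW_AFTER_MS).map(([c]) => c);
    return ["necessary", ...live.filter((c) => c !== "necessary")].sort();
  }

  // Recompute the hash chain; false means a stored record was altered or reordered.
  verify() {
    let prev = "";
    return this.entries.every((e) => {
      const { hash, ...body } = e;
      const ok = body.prevHash === prev && digest(body) === hash;
      prev = hash;
      return ok;
    });
  }
}
```

Non-essential scripts would be loaded only for categories returned by `active()`, and a revocation is just another appended record, so the history of what was consented to and when stays intact.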
So far, no. I've asked Squarespace several times for almost more than a year, and the answer has always been the same: "use our cookie banner" or something that implies that, but as you and I know, that isn't enough.

  • 9 months later...

Hi, I am also searching for a solution. This is not a nice-to-have feature. From 01.01.2022 on, the new requirements for extended cookie banners take effect in the EU.

Tried to implement "Cookiebot". They provide a script that has to be loaded first, directly after the <head> tag. I took this code and placed it via code injection. So far no problems. But when I open the website, the new cookie dialog does not appear!

Here is the code I inject:

<script id="Cookiebot" src="https://consent.cookiebot.com/uc.js" data-cbid="ecd23f64-c412-40fd-8b9e-3091b3641c29" data-blockingmode="auto" type="text/javascript"></script>

Needless to say, if these requirements are not met, a fine can be levied or the website can be warned off.
Actually, I would expect Squarespace to provide their own DSGVO-compliant solution here.

Does anyone know why the inserted code is not displayed? Or has someone used another tool and knows how to implement it?
I am grateful for any help.

Cheers

Stefan

@Zaskar

Is the code installed now? If not please install it again.

Please post the URL for a page on your site where we can see your issue.

If your site is not public please set up a site-wide password, if you've not already done so.

Post the password here.

Adding a site-wide password does not allow anyone to alter your site. It only allows those with the password to see your site. Please read the documentation at the link provided to understand how it works.

Please read the documentation at the link provided on how to share a link to your site to understand how it works. A link to the backend of your site won't work for us, i.e. a URL that contains /config/.

We can then take a look at your issue.

  • 3 weeks later...

Resurrecting this thread: a cookie policy is not enough. Per GDPR you are the data controller and Squarespace, being a SaaS, is the data processor. Some thoughts (I created a ticket at least two months ago but they never replied to it):

  • Is there a document between you and Squarespace describing what they will store and how it will be stored? This is important because Squarespace is storing website data in their database.
    • Per GDPR, processing must ensure security and protect against unauthorized or unlawful processing.
    • Which personal data will be stored in the Squarespace databases?
    • All personal data processing should be fair and have a legitimate reason.
  • GDPR has six types of Legitimate Purposes of processing personal data. You need to find which ones fit your case.