
Looking for a free or low cost GDPR solution that actually meets regulatory requirements.


Lis7

Question

Has anyone found a free or low-cost GDPR-compliance solution that works with a small Squarespace site, that is actually compliant with GDPR legal requirements?

After spending the afternoon reading, it doesn't appear that the [cookie banner] GDPR solution that Squarespace makes available to its own customers is compliant. Interestingly, it is also not the one they use for their own corporate website(s). 

A cookie banner alone does not meet GDPR requirements. There must be valid, documented, reversible and renewable consent. Consent must be obtained prior to processing, and be transparent and customizable by the site visitor (i.e. necessary cookies, other cookies listed by type). Someone who gave consent must be able to revoke consent. "Documentation" means a secure consent repository/database so that we, as site operators, can provide proof that consent was obtained. The database needs to store a record of each user's consent, including how they consented, exactly what they consented to, and the date/time they gave their consent.  

Another issue is that a GDPR-compliant site's privacy policy needs to be transparent. Something as basic as the data collected on a Squarespace form - where and how is it stored and processed? If someone who submitted a form wants their data deleted - how does one do that? 

Since I am not an expert in GDPR, there may be other requirements that I missed. My "solution" for the past 3 years has been to turn off all cookies and explicitly state that the site is not intended for site visitors from the EU. This goes against the purpose of the website, and is not a satisfactory solution by any measure.

Edited by Lis7
typo

1 answer to this question

So far, no. I've asked Squarespace several times for almost more than a year, and the answer has always been the same: "use our cookies banner" or something that implies that, but as you and I know, that isn't enough.

Edited by ArmusZero
