gdpr

Iubenda solutions

Websites and apps must always comply with the regulations of several countries (GDPR 2016/679, US CCPA, Australian APP, Cookie law). Failure to comply with the rules, in fact, entails the risk of substantial penalties. Iubenda offers all the tools to adapt your company. Jits is a certified Silver IUBENDA partner. We chose iubenda after a careful analysis of what the market was offering.

The IUBENDA solutions at our disposal are:

  • Cookie banner generator for the management of consent preferences as required by the ePrivacy Directive, the GDPR and the CCPA.
  • Privacy and Cookie Policy generator
  • Terms and Conditions generator
  • Consent Solution
  • Internal privacy management

Now, let’s see in detail whether the various solutions are able to satisfy all the regulations.

 

Is it enough to have a Cookie Banner and a Privacy Policy to comply with the GDPR?

Using a Cookie Banner and generating a Privacy Policy is only the starting point for aligning with current legislation.

In the GDPR it is clearly written that “The information in relation to the processing of personal data relating to the data subject should be given to him or her at the time of collection from the data subject, or, where the personal data are obtained from another source, within a reasonable period, depending on the circumstances of the case”.

A user can enter data and give consent in various ways, for example by filling in a form on our site. According to the GDPR 2016/679 regulation, we have to provide, upon specific request of the user, how this information was collected and the various consents given (for example, the simplest consent, relating to the sending of newsletters). It might seem enough to store this information in a database, but there is an underlying problem. Can the data be modified by someone directly updating the database? The user could claim that he did not give consent. Can we prove it? So this solution, in addition to not being really GDPR compliant, doesn’t help us.

How do we solve this problem? This is where the IUBENDA Consent Solution comes in.

Demonstrating consent collection with the Consent Solution

The consent solution is a database where it is not possible to modify / delete the various information and consents given by a user. The database is managed by iubenda. With this solution we will always be able to demonstrate unequivocally how data and consents have been collected.

Iubenda, in addition to providing various plugins to integrate this solution, also lets you save and retrieve the consent actions carried out by your users via an HTTP API, which makes this solution really powerful.

Using only the iubenda plugin is not enough. For example, when sending newsletters you must add the possibility to unsubscribe at the bottom of the email. When the user clicks on this option, however, it is not enough to remove him from the mailing list: we must also save this choice in the Consent Solution (revocation of consent for the newsletter). Another case could be a modification of the privacy policy. The version of the privacy policy is also stored in the Consent Solution. If we change it, we are required to inform the various users of the change so that they can accept the new version.

The HTTP API can help us in these cases.
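The two points above (a plain database row can be edited without trace, and an unsubscribe must be stored as a revocation rather than a deletion) can be illustrated with a small hash-chained, append-only consent log. This is an added example, not iubenda's code or API and not a description of how the Consent Solution works internally; the `ConsentLog` class, its field names and the sample events are all hypothetical.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" of the first entry

def _digest(entry):
    """SHA-256 over the entry's canonical JSON, excluding its own hash."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class ConsentLog:
    """Append-only log; every entry commits to the one before it."""

    def __init__(self):
        self.entries = []

    def record(self, subject, purpose, action, policy_version, timestamp):
        if action not in ("granted", "revoked"):
            raise ValueError("action must be 'granted' or 'revoked'")
        entry = {"subject": subject, "purpose": purpose, "action": action,
                 "policy_version": policy_version, "timestamp": timestamp,
                 "prev": self.entries[-1]["hash"] if self.entries else GENESIS}
        entry["hash"] = _digest(entry)
        self.entries.append(entry)
        return entry["hash"]

    def verify(self):
        """Index of the first altered entry, or None if the chain is intact."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["prev"] != prev or e["hash"] != _digest(e):
                return i
            prev = e["hash"]
        return None

    def current_state(self, subject, purpose):
        """Latest (action, policy_version); a revocation is a new entry."""
        for e in reversed(self.entries):
            if e["subject"] == subject and e["purpose"] == purpose:
                return e["action"], e["policy_version"]
        return None

def demo():
    log = ConsentLog()  # constructed sample events below, not real data
    log.record("user@example.com", "newsletter", "granted", "policy-v1", "2024-01-10T09:00:00Z")
    log.record("user@example.com", "newsletter", "revoked", "policy-v1", "2024-03-02T18:30:00Z")
    before, state = log.verify(), log.current_state("user@example.com", "newsletter")
    log.entries[0]["action"] = "revoked"  # simulate a direct database update
    return before, state, log.verify()
```

A chain like this only proves anything if the latest hash is also kept somewhere the database administrator cannot rewrite, since otherwise the whole chain can be recomputed after an edit. That is the practical argument for having the record held by a separate party.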

 

Ecommerce and/or B2B

If we have B2B or B2C ecommerce on our site, we’ll have to inform customers about our return, withdrawal or cancellation policies. Here too IUBENDA helps us, with Terms and Conditions. You can generate a professional Terms and Conditions document, customizable thanks to constantly updated pre-configured clauses and available in 8 languages.

Now, do we comply with the GDPR? We have certainly taken a big step forward, but much remains to be done. How is the data we collected managed? Who is the owner, who is the data processor? And how is the data of our employees and suppliers managed? The answer is IUBENDA Internal Privacy Management.

 

Internal Privacy Management

To comply with privacy laws, in particular the GDPR, each organization must prepare a register of how the data collected from users is stored and used. In particular, the following must be documented:

  • Data retention policies for each processing activity
  • Security measures
  • Legal basis for processing
  • Possible transfer of data outside the EU
  • The individuals you share data with, both inside and outside your organization

Now we are really compliant, and IUBENDA solutions have brilliantly covered the GDPR problem from every angle.

Many companies do not give importance to the constant maintenance and updating of their address book. We know instead that it is one of the fundamental pillars of good company management, and today more important than ever. Perhaps the GDPR is not just another regulation to be respected, but a good starting point to optimize and organize your business!
