With GDPR in full effect, we wanted to provide a simple checklist for you to make sure your Scrivito projects are compliant. When using the Example App as the basis for your project, there are several features built in to help. Additionally, as Scrivito is an EU-based company, we work to provide GDPR-compliant products for our customers and assist where we can.
What is GDPR? In a nutshell, if you track or collect data from visitors to your website and those visitors are in the EU, you need to collect the data in a GDPR-compliant way. There are three main points to these requirements: explicit consent, right to access, and right to be forgotten. Further, personally identifiable information (PII) of EU citizens must be stored in the EU. GDPR is a complex topic, and we are only scratching the surface here, so it is recommended to discuss your specific requirements and liabilities with a qualified data protection officer or lawyer.
The forms in the Example App all have a consent field which, when activated, is required for form submission. The consent text is sent as part of the form data so it can be tracked together with the user's data in case of a GDPR audit. Additionally, the contact form can be customized to store data in whichever backend you choose, which itself needs to be GDPR compliant. By default, as an example implementation, our widget uses Netlify Forms, which might require a data processing agreement (DPA) between you and Netlify because Netlify also stores data in the US.
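The consent handling described above, as an added illustration that is not code from the Scrivito Example App: the submission is refused unless the consent box is explicitly ticked, and the exact consent wording plus a timestamp travel with the form data so an auditor can later verify what the visitor agreed to. The function names, the sample consent wording and the injectable clock are assumptions made for this example.

```javascript
// Added example (not from the Scrivito Example App): build a form submission
// that refuses to proceed without explicit consent and carries the exact
// consent text the visitor agreed to, so the record can be audited later.

// Constructed sample wording; a real project uses its own approved text.
const CONSENT_TEXT =
  "I agree that my data is stored and processed to answer my request.";

// Returns { ok: true, payload } or { ok: false, error }.
// `fields` is the visitor's form input, `consentChecked` the state of the
// consent checkbox, `now` an injectable clock (hypothetical, for testability).
function buildSubmission(fields, consentChecked, consentText = CONSENT_TEXT, now = () => new Date()) {
  if (consentChecked !== true) {
    // Explicit consent is required: a missing, pre-filled or non-boolean
    // value is not treated as consent.
    return { ok: false, error: "consent_required" };
  }
  return {
    ok: true,
    payload: {
      ...fields,
      // Store the consent wording itself, not just a boolean, so an auditor
      // can see exactly what the visitor accepted and when.
      consentText,
      consentGivenAt: now().toISOString(),
    },
  };
}

// Audit check: does a stored record still carry the consent wording and a
// parseable timestamp? Useful when reviewing what the chosen backend holds.
function hasAuditableConsent(record) {
  return typeof record.consentText === "string"
    && record.consentText.length > 0
    && !Number.isNaN(Date.parse(record.consentGivenAt));
}
```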