What is GDPR Compliance? Checklist For Compliant Wix Websites
You may be asking yourself, what is GDPR? What does GDPR stand for? What does GDPR mean?
The General Data Protection Regulation (GDPR) is a regulation intended to strengthen and unify data protection for all individuals within the European Union. The GDPR ultimately aims to protect the fundamental right to privacy and protection of personal data for individuals.
If you have created a website through Wix, rest assured that Wix welcomes the GDPR regulation as they are 100% committed to data protection for their users, and customer trust is their top priority.
Wix has worked with a team of experts to implement the required adjustments to their products, services, and documentation to ensure GDPR compliance. This has empowered Wix users to gain more control over their personal data and access the tools necessary to protect the information of visitors to Wix websites.
Wix Website GDPR Compliance
Wix is 100% dedicated to data protection and they are doing the following to ensure data protection for all of their customers:
Full-Time Security Consultants – Wix employs full-time security consultants dedicated to the security of customer information. Third-party security and vulnerability scanning tools are used to protect users’ account information.
Payment Card Industry Data Security Standard – Wix is PCI DSS compliant and is accredited as a top-level service provider and merchant. This standard helps create a secure environment by increasing the security of cardholder data and reducing credit card fraud. Wix regularly performs internal security audits to maintain their ISO/PCI security certifications.
Secure Signup & Login Services – Wix’s signup and login services are completed through a secure server (HTTPS/SSL) to ensure protection of user information.
Cryptography Utilization – Wix uses cryptographic hash functions to protect user information. A user’s password is stored as a hash digest, and in the event of a security hack, the user’s original password cannot be recovered from Wix servers.
Privacy Shield Framework Certified – Wix.com is certified under the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU and Switzerland to the US, and adheres to the Privacy Shield Principles.
Forgotten Data – In accordance with the GDPR, Wix site visitors have the right to access their data or to “be forgotten” and have their data permanently deleted from Wix’s databases.
GDPR Compliance Requirements
The GDPR aims to protect the fundamental rights to privacy and protection of the personal data of European Union citizens.
Whether or not you or your business is located in the European Union, the GDPR affects any entity (including websites) that processes EU citizens’ personal data. If your Wix site has EU visitors or if your marketing campaigns target EU citizens, then the GDPR affects you as well.
Wix provides users with GDPR compliance tools to ensure that your website meets GDPR requirements:
Key elements of the GDPR require transparency and communication with your site visitors. The GDPR requires you to let your site visitors understand how you collect, store and use their data. You must also comply with your site visitors’ requests to receive a copy of their data that is processed on your site.
About Data Storage and Data Transfers
Wix can store your site visitors’ data in various locations. Your site visitors’ personal information may be stored in data centers located in the US, Ireland, South Korea, Taiwan and Israel.
Wix is a global company that respects the laws of the jurisdictions it operates within. The processing of the User Customer Data may take place within the territory of the European Union, Israel or a third country, territory, or one or more specified sectors within that third country, for which the European Commission has decided that an adequate level of protection is ensured.
About Cookies and Cookie Banners
The GDPR requires that you obtain affirmative consent from site visitors before placing non-essential cookies on their device. Generally, the cookies which are initially placed on your Wix website may be categorized as essential cookies: those used for security, anti-fraud, and other purposes related to the specific functionality of your service.
Wix is a platform that gives web creators the ability to add multiple components, codes, third-party applications, and much more. These apps and integrations may add other types of cookies to your website that require affirmative GDPR consent. Review which cookies are placed on your site visitors’ browsers and confirm whether or not your site needs a cookie banner. A cookie banner allows your visitors to consent to non-essential cookies being placed on their device.
Request Consent to Process Your Site Visitors’ Data
The GDPR establishes several ways in which you can legally process your site visitors’ data. Requesting your site visitors’ consent is one way to lawfully process data, although it may not be the best method for your business.
Choose the best and most appropriate data processing method for your business. If you want to receive 'affirmative consent' from your site visitors before processing their data, you can do so by:
Get Consent for Your Marketing Campaigns
Email marketing campaigns require consent from your site visitors. If you’re utilizing Wix Email Marketing, MailChimp, or any other email marketing tools, then listen up because this applies to you.
Consent to receive marketing campaigns can be interpreted and applied in different ways on your website. Implied consent is when the user “subscribes” to your marketing campaigns through their email. Explicit consent is when you request information from your site visitors before sending them any marketing materials.
To learn more about what you can do to meet GDPR compliance regarding email marketing, visit Wix’s privacy page.
Ensuring Your Third-Party Apps are GDPR Compliant
The GDPR requires you to be responsible for any third-party apps or services implemented on your site. These services can include data analytics tools from Google, Facebook, etc.
When reviewing your Wix site for GDPR compliance, you must also make sure that your third-party apps are GDPR compliant. If you’re unsure, contact the third-party app provider directly with any questions or concerns.
You can build a stunning GDPR-compliant website at Wix.com. There are steps you must take to ensure your site is GDPR-compliant. The above checklist is a good place to start! NB Media is here to guide you along the way to GDPR compliance.