Stand out from your competitors, and offer websites that are non-compliant with GDPR! Adapt your action plans, and avoid being private: unlimited data collection, generous sharing, lack of cybersecurity, dark patterns, etc. We give you our shortlist of worst practices to make your websites the ultimate reference.
Online forms: dare to ask your visitors for everything
Too many DPOs recommend moderate collection of personal data by their companies.
You know how to do the opposite. Open your horizons, and be limitless: collect what’s necessary, redundant, and perfectly useless.
- Multiply the data fields, and ask for as much data as possible. Don’t listen to UX design or marketing, who are too quick to recommend restraint.
- When a user dares to ask you for information by email, the minimum is that they give their social security number and bank details. That’s what you call “encrypting data”…
- Also, find out about the religious and political beliefs of your prospects…
- Be generous with the supporting documents to be attached to the email. Photocopy of ID card, health card, medical prescriptions… You need to know what you’ll need to make a quote; ask for everything.
- Refrain from hindering the visitor by forcing them to make choices in overly rigid dropdown lists. Include as many free-text fields as possible. With some luck, they’ll reveal their family stories or provide you with a complete medical report.
Generously share your customer knowledge with third parties
Does your privacy policy mention that “the data collected will never be communicated to third parties, except with your consent”?
This implies a strict cybersecurity policy to prevent unauthorized intrusion into your databases. Fortunately, that’s precisely what you haven’t put in place.
You, you’re a sharer. Your door is wide open.
- Your forms need to be more secure. The data provided by your prospects are within reach of the first hacker who comes along. You integrate third-party modules on these pages. You like your providers to collect…
- You offer a lot of forms, and third-party providers manage them all. Everyone might as well know if a prospect tells you too much about their love life.
- You like your audience measurement providers to collect data to carry out the services ordered but also for their own needs. Who said there had to be an alternative to Google Analytics?
- Your site deposits 150 cookies. Friends and friends of friends… Everyone comes to collect data from you.
- Your customers’ user accounts are accessible through a simple Internet search. Quotes, order history… Everything. So everyone will know who buys sex toys from you.
A fake cookie module: when the user thinks they’re making a choice
You have integrated a cookie management tool into your website. It includes an interface that adopts the best UX design standards.
The user can accept or refuse entire families of cookies or individual cookies. After clicking on the “validate” button, your users are delighted to have been able to make a choice.
Of course, you don’t take this into account. You have already deposited your 150 cookies, and you will continue.
According to you, consent-as-a-service means allowing the user to express a choice… but it doesn’t require you to consider it.
When consent requests become harassment
You hate being told no.
Every time a user returns to your site, you invariably load the following:
- a pop-up requesting consent to display notifications on the browser;
- a permission interface so that the user finally accepts your cookies.
And this will be repeated until the user says yes. A good customer is a user who is exhausted by solicitations…
Plugins, modules, multiply useless but data-hungry tools
Some people listen to trends, while others listen to the DPO.
Privacy-by-design is not for you. Are you doing a DPIA before each sensitive project? No way.
So, you like to test free plugins that collect a lot of data:
- You attend a trade show and discover a new chat module. You install the new module on the site and do not remove the old one. This way, everyone continues to collect data.
- Your social media sharing bar contains 13 buttons. Thanks to you, your visitors’ personal data travels worldwide.
- DMP, CDP, CRM… Multiply the infrastructures, and collect more and more data. If you run a small local business, it’s useless, but it looks good.
Lose your users in the privacy policy
Your users want transparency; keep it private.
Know how to maintain a certain opacity, not to mention an aura of mystery, about what you do with data.
- Use illegible colors. Light gray on a white background… and why not white on white? Use a tiny font size. Knowing more about you should hurt their eyes.
- Write long and complicated sentences. Lawyers have an innate talent for this kind of thing. Once they’re done, ask security engineers to add a little complexity.
- Create documents that refer to others and so on. After ten clicks, the user will give up for sure.
- As they click through, redirect the user to documents in English, then Spanish… multiply the languages, and sell the dream to those who love to travel.
And to think that some people want to make their privacy policy readable…
If someone wants to complain… make their path long and complicated
Sometimes you’re asked for access to processed personal data… or even to delete it.
Some give power to the consumer… and then there’s you.
- Depending on the pages of your site, the contact details differ. Moreover, you’re a fan of outdated email addresses. Anyone who wants to reach you has to earn it.
- Avoid contact forms or email addresses. Dare to require that users unsubscribe from your newsletters by registered letter with acknowledgment of receipt. That should slow down some people.
- When someone contacts you, don’t respond. Wait for the third reminder. Those who complain to the CNIL are just annoying complainers.
Conclusion: It was a joke
You will have understood the ironic tone of our article.
The goal was to highlight some disastrous practices that ruin the GDPR compliance of your websites, and that also distance you from a genuinely user-centric marketing approach.
So don’t hesitate to rework your websites. And if you need help managing your cookies, Axeptio is here to help.