GDPR, the General Data Protection Regulation: all you need to know to be in good standing

In case of violation of the GDPR, companies risk fines of up to 20 million euro or 4% of the company's entire annual turnover

From 25 May 2018 the new legislation on data protection (GDPR - EU Regulation 679/2016) will enter into force in Italy, adapting the rules on the protection of personal data to the new economic and social context.

The aim is to strengthen the technical and organizational measures so as to provide proper data security, reducing the risk of leakage or theft and thus avoiding violations of citizens' privacy.

What is GDPR (General Data Protection Regulation) and what changes for companies.

The General Data Protection Regulation was adopted by the European Parliament in April 2016 "to strengthen and make the protection of personal data more homogeneous". The provisions strengthen data protection and must be respected both by companies based in the EU and by those based outside it that handle data of nationals of a Member State.

All companies that process personal data must appoint a Data Protection Officer and keep a register of processing operations so that they can be supervised by the Guarantor. The data controller must also keep an incident register in which all cases of data violation or corruption are recorded, in order to prevent future incidents and improve security measures.

The new regulation introduces a principle recognized in privacy law: the principle of accountability, which states that it is up to the companies or authorities that hold citizens' data to act in a way that safeguards it.

The GDPR also deals with data breaches, meaning the loss, modification, disclosure of or unauthorized access to data; in this case the data controller is obliged to notify the supervisory authority of the breach within 72 hours of becoming aware of it.

If there is a high risk to the rights and freedoms of data subjects, they should be informed without delay. The GDPR, furthermore, introduces the right to be forgotten: data subjects may request the deletion of their personal data, and the data controller, even after the data have been made public, is obliged to pass the request for deletion on to the other controllers who have access to the same data so that they delete them too.

Why is it important to adapt your operations to the GDPR?

If your site serves individuals from the EU and you, or integrated third-party services such as Google and Facebook, process any type of personal information, you need to follow all the new rules that have to do with visitor consent (such as data request forms and the tracking of visits with web analytics tools), the rules governing banners on the website, and the privacy notice. If there are cyber attacks or thefts, it must be possible to verify that the company has put the appropriate protections and procedures in place.

In case of violation of the GDPR, companies risk penalties of up to 20 million euro or 4% of their entire annual revenue. Add to that the risk of reputational damage to the company.

How to design a new website for the GDPR and/or adapt an existing one?

Practical suggestions:

Are you afraid of the risks that the entry into force of the GDPR could bring? Are you worried about the million-euro fines awaiting those who do not comply? Well, if you are reading this, you are at least wondering which practices to implement so that you are not forced to pay millions in fines and then close shop.

But first things first. Let's examine the two possible cases: developing a new site from scratch, and updating and adapting an existing website.

If you are about to develop a new website, it will be sufficient to follow all the instructions contained in the GDPR from the start, keeping in mind the principles of “Privacy by design” and “Privacy by default”. This is the simpler case, and to avoid any risk it will be enough to consult a specialist who will guide you step by step.

Upgrading an existing website is a different case. If you already have a website that processes personal data, you should take action as soon as possible and evaluate interventions affecting the following items:

Contact forms.
To make your forms GDPR-compliant it is important, first of all, to add the appropriate references (if they are not already present) to your privacy policy (to be rewritten following the GDPR directives). With the entry into force of the GDPR, users must explicitly agree to the processing of their personal data, e.g. by ticking the appropriate checkbox. If the purpose of the form is to enable contact, the data may be held and managed only to carry out this purpose and no further. It is also forbidden to require consent to data processing that is not necessary for the stated purposes.

Registration forms / private areas.
If your website hosts registration forms, adapting to the GDPR might be far from painless. In this case you should check that your system includes certain features, and in particular that users are always allowed to:

access their data;

change their data;

modify their consent in relation to the processing carried out by the site;

unsubscribe (and delete all their data).

It is also necessary to ensure that data processed on the basis of consent obtained before the entry into force of the GDPR comply with the requirements of the new legislation in relation to the often-cited principles of “Privacy by design” and “Privacy by default”; otherwise it will be necessary to plan structural interventions aimed at adapting the technological infrastructure.

In this case you must inform users of everyone to whom their data will be disclosed, and verify that the application does not carry out any kind of user profiling.

Once the structure of the website has been dealt with, the work is still not finished. Nearly all websites integrate an access measurement system. The most famous (and most used) of these is certainly Google Analytics. In this case the GDPR rules oblige us to adequately inform the user before tracking (in other words, the recording of the visitor's IP address must take place after the user has given consent in the manner and within the terms already described). If you do not want to go down this road, you will still need to anonymize the IP, so that the Analytics activity has purely statistical value and is no longer covered by the definition of “personal information”.
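
The rule above applied to access records kept on the server, as an added example that is not part of the original article: the full IP is stored only when the visitor has explicitly consented, otherwise it is truncated before storage. The `hit` structure, the function names and the /24 and /48 truncation widths are assumptions chosen for illustration.

```python
import ipaddress

# Assumed truncation widths (a policy choice, not taken from the article).
V4_PREFIX, V6_PREFIX = 24, 48

def anonymize_ip(raw):
    """Zero the host bits so the stored value no longer identifies one visitor."""
    ip = ipaddress.ip_address(str(raw).strip())
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) embeds a full IPv4 address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    prefix = V4_PREFIX if ip.version == 4 else V6_PREFIX
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False).network_address)

def record_hit(hit):
    """Return the record to store for one page view.

    `hit` is a hypothetical dict with keys "ip", "path" and "consent".
    Only an explicit True counts as consent; anything else is treated as none.
    """
    consented = hit.get("consent") is True
    try:
        full = str(ipaddress.ip_address(str(hit["ip"]).strip()))
        ip = full if consented else anonymize_ip(full)
    except (KeyError, ValueError):
        ip = None  # missing or malformed address: never store the raw text
    return {"path": hit.get("path", "/"), "ip": ip, "ip_anonymized": not consented}

# Constructed sample hits using documentation address ranges.
SAMPLE_HITS = [
    {"ip": "203.0.113.57", "path": "/contact", "consent": True},
    {"ip": "203.0.113.57", "path": "/contact", "consent": False},
    {"ip": "2001:db8:85a3:8d3:1319:8a2e:370:7348", "path": "/", "consent": None},
    {"ip": "::ffff:198.51.100.23", "path": "/shop", "consent": "yes"},
    {"ip": "not-an-address", "path": "/", "consent": True},
]

if __name__ == "__main__":
    for h in SAMPLE_HITS:
        print(record_hit(h))
```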

Banner advertising.
With the entry into force of the GDPR, publishers using AdSense will need to make changes to their websites in order to obtain prior consent from the user for any profiling tools and ad personalization.

The use of widgets such as maps, videos or social buttons will also have some impact from a GDPR perspective. In this case, the website operator is required to obtain the user's consent for any operations carried out by third parties.

With the GDPR, the era of indiscriminate spam, of emails sent to contacts picked at random, comes to a close. If a user accepts the processing of their data ONLY to receive news, you can no longer send them advertising messages. Every purpose requires explicit consent (for which, in the case of email marketing, the double opt-in system continues to be the preferable solution). But what should be done with “older lists”, that is, with lists of email addresses collected before the GDPR? They should certainly not be thrown away but, in the light of the reform, it seems appropriate to send an informative email to all contacts to reassure the recipients about the use of their data and the objectives pursued by the list manager.

Management of private areas: what changes with the GDPR?

In the case of private areas it will be necessary to keep a log that records all events related to personal data, in order to have proof of each activity.


PayPal, credit card, Postepay: all the features of the leading online payment instruments

After an initial period of hesitation, Italians too seem to be beginning to appreciate the ability to make online purchases.

According to recent studies, it is estimated that there are at least 14 million online shoppers in Italy, a sector that has grown by 13.5% compared to a few months ago, for a turnover of approximately 11 billion euro.

Although they are growing, online payments such as PayPal are still viewed in Italy with a perhaps overly critical eye. According to the latest research, Italians still have little trust in credit cards and online tools.

What are the most popular online payment methods? A short guide covering PayPal, credit cards, Mobile Payment, etc.

The credit card is by now one of the online payment methods most used by Italians. It ensures practicality and safety. For some time now there have also been special types of credit card suited to online purchases. On the market you can find rechargeable credit cards, which the owner loads only with the amount of money to be spent.

This is a safe tool in the event of fraud, because the attacker could steal only the remaining credit. Banks have also recently begun to offer special credit cards dedicated to online shopping, which allow you to create virtual credit cards that work for a single transaction and with limited amounts of money, for safe purchases.

PayPal and online payment tools
PayPal is a very safe online payment system, increasingly used and appreciated by Internet users. PayPal works in a way very similar to a regular checking account. Once you open an account, you can send and receive money, make transfers and buy online. The strength of a transaction with PayPal is definitely its very high level of online safety.

If you do not receive the goods purchased or, for various other reasons, you receive a product different from the one purchased, PayPal fully refunds the price paid. To receive a refund, simply follow a few simple rules and open a dispute within 45 days from the date of purchase. In the future PayPal will feature new, more user-oriented services, including the recent opportunity to apply for a rechargeable credit card, with lower operating costs, to be used for shopping. Curiously, PayPal, which is owned by eBay, is not accepted everywhere for reasons of competition. For example, because of competition issues, this form of payment is not accepted at Amazon.

Mobile Payment.
The new frontier of online shopping is Mobile Payment, a tool with which you can make purchases by paying directly from your smartphone. Purchases can be made online through dedicated applications such as eBay or Amazon, or in physical stores using the phone as a credit card. In this second case, to make the payment the smartphone must be equipped with NFC (Near Field Communication), which communicates with the special POS terminals held by merchants to complete the transaction.

SSL certificates and "penalties" on search engines: is your site secure?

From January 1 2017 Google "penalizes" all sites that lack SSL certificates, reporting them as unsafe and changing their position in search results

Google declares war on "unsafe sites", and does so by penalizing all sites without SSL certificates where you can register with sensitive data such as passwords, or where you can pay by credit card, with no guarantee about the environment in which you are browsing.

"Much of our work is to make sure that the websites are safe. For these reasons we are starting to use HTTPS as a ranking signal, because we would like to encourage all website owners to switch from HTTP to HTTPS, to make sure that everyone on the web is safe." - Google

Of course, this can hardly be called a bolt from the blue: the news had been in the air for several months, and everyone in the trade more or less expected a move like this from Google. In particular Google Chrome, the leader among the world's browsers, will warn users who land on a site considered dangerous that the site they are browsing is not safe and that continuing with the registration or the payment is therefore not recommended. Such a message may lead to a collapse in visits to your site, and with it a collapse in conversions.

SSL certificates

And if that is still not enough, know that the penalty imposed by Google will also affect more purely technical aspects, such as the position of your website on search engines. Google will in fact penalize the ranking of all sites still on HTTP and will instead "reward" sites that have already switched to the HTTPS security protocol.

In addition to affecting the ranking of sites on search engines, having or not having an SSL certificate will, in the coming months and years, be a clear distinguishing factor in terms of user perception and trust.

Would you ever buy on a site that Google considers unsafe?

Safe sites with SSL certificates will also be graphically different and distinguishable from unsafe ones. In a search results page (SERP), websites with HTTPS will show their secure certificate status with a green padlock, while sites considered dangerous will be accompanied by a red "NOT SECURE".

If you have an online site that does not have an SSL certificate and you do not want to risk losing customers and visits, you can contact us. Within hours, your website and your business will be safer.