GDPR Digital Agency

A GDPR digital agency processes personal data on behalf of its clients. It therefore takes on the role of processor within the meaning of the GDPR.

Digital agency and GDPR : What role?

📌 As a matter of law, and in accordance with the General Data Protection Regulation (GDPR), as soon as it processes personal data on behalf of a client, an agency is considered to be a processor of that client , who is considered, in turn, to be the data controller. The latter will have GDPR obligations linked to the fact of having outsourced the processing and management of part of its personal data.

📕 The GDPR has set up a management process that involves all organizations that contribute to the processing and management of personal data. These organizations can be public or private, and this also concerns processors. What's more, the role of the latter is to help data controllers with their GDPR compliance process. Incidentally, the CNIL (National Commission for Information Technology and Civil Liberties) article covers the subject in more detail. 

⚠️ Whether you're a processor or a data controller, There are risks of sanctions if you lack knowledge of the GDPR as you process the personal data of your clients or employees on a daily basis. In other words, when your digital agency isn't GDPR, you risk receiving complaints from your clients and prospects, or from your competitors. And it's worth noting that if you do receive GDPR complaints, they will surely be followed up by an inspection by the CNIL (National Commission for Information Technology and Civil Liberties).

🚀 For more details on the subject, you can book a APPOINTMENT with one of our experts.

It's free! 😉

GDPR compliance as a prerequisite for digital agencies?

📌 In our article dealing with GDPR compliance of a websiteyou'll understand the major importance of a website 's GDPR compliance for any company, whatever its size. It is, in fact, an indispensable resource for communicating about its products/services with the general public.

Depending on your activity and the number of services or brands, the number of websites required may vary.

 💼 Many companies place blind trust in their digital agencies for everything that goes into making a website. This includes technical and semantic optimization, SEO whether natural or paid, UX design... The problem is that even the legal-technical aspects are part of this, even though this is not a digital agency's core business, and they probably don't have the legal competence in-house.

😯 In the event of a CNIL (National Commission for Information Technology and Civil Liberties) ) inspection or, at the very least, a complaint from a prospect, client will, quite naturally, turn to their digital agency to ask what to do. That's why a digital agency that handles the creation of GDPR documents must have a real understanding of the subject, and a solid grounding in it, in order to be able to provide client with the answers they need.

What documents are required to be GDPR compliant?

📌 For your website, digital platform or e-Commerce platform to be GDPR compliant, you should have a few documents at your disposal. On every website, at the bottom, there should be the set of compliance documents and GDPR compliance in particular. This part is called the "Footer".

🔥 At least three links must be present:

• Legal notices which is, by the way, not a rule stemming from the GDPR ;
• Privacy policy ;
• Cookie policy.

In fact, our article GDPR compliance for a website covers the subject in detail.

🚀 Firstly, the main purpose of the Privacy Policy is to inform your users about the personal data you collect. This is one of the fundamental pillars of the GDPR.

In this document, you must provide information on the type of data collected, how it is used, and how long it will be Data retention. In addition, you need to add information on data rights : access to data, and all cases, including the death of the user.

Please note that the privacy policy and the legal disclaimer are two different things. This means that one document does not have to be included in the other.

📕 As is the case for the Privacy Policy, the Cookies Policy must also be separated from any other document. You must therefore create an independent page, and an independent link must be dedicated to it. As its name suggests, the Cookies Policy enables you to inform your users about the categories of cookies present on your website, as well as their nature.

😯 By creating a Cookies Policy and a Privacy Policy, note that you've done 95% of the work of GDPR compliance.

📜 All that's left is the legal disclaimer, and that's only when you have a newsletter or a form that requires registration. In this case, it's mandatory to mention below your form that " by clicking, you agree to receive our newsletter. For further information, please consult our privacy policy. ". And you've got it, you need to insert a link to your Privacy Policy. A document you've already created.  

 💻 Lastly, to ensure compliance, you need to install a cookie banner on your website. The aim here is to summarize your Cookies Policy. On the other hand, the cookies required to display the site (technical) do not require consent. These are tracers that do not require consent. To better understand the difference, please consult our article Cookies banner which covers the subject in detail.

Are digital agencies capable of bringing their clients into GDPR compliance?

 📕 An organization's GDPR compliance approach mainly depends on its activity, its tools and, above all, its practices around the personal data it processes. This is an opportunity for any organization to take a close look at its digital practices and services, so that the protection of personal data is well and truly taken into consideration.

💻 Admittedly, bringing a website, e-commerce platform or digital platform into GDPR compliance isn't extremely complex. On the other hand, for the company owning this site or platform to comply with the General Data Protection Regulation, it must imperatively follow a compliance process.

🔥 On this subject, the CNIL (National Commission for Information Technology and Civil Liberties) states that to be GDPR compliant, any organization must go through a few steps that contribute to achieving compliance. Steps that must be successive and that enable the implementation of actions that must, in turn, endure over time. Our article GDPR Compliance describes the entire GDPR compliance process, with examples.

⚠️ The usefulness of having an internal DPO , or consulting an external one, is becoming increasingly important as soon as personal data is processed. This is why the Dipeeo has set up a GDPR compliance service.

The Dipeeo Document Generator: A service for digital agencies

💼 Given their core business of creating websites for their clients, most digital agencies also undertake to produce GDPR documents and this is true whether for sites, e-Commerce platforms or digital platforms.

🔥 This therefore consists of creating several documents particularly with regard to the privacy policy, cookie policy, legal notices, cookie banner... Documents whose main objective is to comply with GDPR.

 😯 On the other hand, this is a complex subject for digital agencies, since they have no in-house legal expertise. Most of them often choose to copy and paste this information from the websites of companies with similar activities. This results in the delivery of non-compliant documents, with no protection against GDPRrisks...

📌 To find out more about this topic, please contact us, or arrange a APPOINTMENT with us. It's free! 😉

🚀 In addition, Dipeeo will be launching a service that will be available on 01/01/2023 that enables digital agencies to produce all the legal documents for a website themselves and for their clients. This will not only enable GDPR compliance of clients' websites, but also and above all, a very good result in terms of bringing value to end clients . This will save time and improve your digital agency's brand image.

📌 All this and more, thanks to the Dipeeo Document Generator !

Dipeeo: an outsourced DPO who handles all GDPR issues for you

This will save you time and secure your business, at a cost almost 3 times lower than a law firm.