Weebly has been diligently working to make sure that we are fully compliant with the European Union’s (EU) General Data Protection Regulation (GDPR), which comes into effect on May 25th, 2018. To further support you and your customers’ preparation towards compliance, we wanted to give you an update regarding the new tools and features we’ve built to support the GDPR.

Processing Data Subject Rights Requests

A major component of the GDPR gives site users the right to access, correct, port and erase their personal data. To support the processing of these users’ rights requests on behalf of any site in your Weebly Cloud account, Weebly has implemented the following process for all Cloud partners:

  1. Site user makes request to Site Owner.
  2. Site Owner makes request to Weebly Partner.
  3. Weebly Partner authenticates and confirms request.
  4. Weebly Partner sends request to Weebly via the Cloud Admin Ticket submission form.
  5. Weebly handles request within scope of Weebly Partner’s sites and passes details/export to Weebly Partner.
  6. Weebly Partner follows up with Site Owner or Site User.

There will be no mechanism for your Site Owners or their site users to submit rights requests to Weebly directly. Also, while site owners can delete some user data directly in the product, they must submit a rights request to ensure that the user’s personal data is fully removed from our system. Weebly will fulfill rights requests within the time limit enforced by the GDPR, which is 30 days.

Weebly will automatically display a cookie notification banner on published sites (site owners can configure whether to show the banner only to visitors from EU IP addresses or to all visitors of their site).

Until the site visitor consents to the use of cookies through this banner, cookie-setting functionality will not work on the published site. This includes any new cookies that installed App Center apps or your own Cloud Apps may attempt to set.

Cookie Banner at the bottom of a web page

If installed App Center apps or your own Cloud Apps rely on published site cookies, they may be impacted by this change. Cookie functionality will be restored on the next page load after the site user’s cookie consent is obtained.

The cookie banner will also contain a link to youronlinechoices.eu, which provides site users in the EU with information about cookies, and the steps they can take to protect their privacy on the Internet. The cookie banner also allows site owners to add their privacy policy to the banner so that their visitors can use that as a reference for how their data is processed.

The new Opt-Out Element allows a Site Owner to create a cookie opt-out on a page. The element includes a paragraph with disclaimer text above a button labeled “Opt Out of Cookies.” On published sites, if a site’s user has accepted cookies via our new cookie banner, they can use the Opt-Out Element to opt out at any time. Once they have opted out, the message in the element button will change, and the new cookie banner will once again be placed over the page, prompting them to accept.

Cookie Opt-Out element

Updates to Weebly’s Form and Newsletter Elements

Because many Site Owners choose to collect Site User information with Weebly forms, we are adding an opt-in feature to these forms. Site Owners will now have the ability to enable an opt-in checkbox with compliance language, and to make this opt-in required for submission.

Opt-in option for forms

Updated Buyer Address Options for Store Checkout

Provides sellers with the option of not collecting the buyer address under certain circumstances, such as when selling digital products.

Considerations Regarding Site Stats

There is a chance that Site Stats for sites with a lot of EU visitors might drop due to these users opting to disable cookies.

GDPR Considerations for Your Site Owners

As your customers update their sites to prepare for GDPR, Site Owners collecting customer data will be directed to add a Privacy Policy to their website. If they already have one, they should ask an attorney or a GDPR consultant to review the terms to make sure they comply with the expanded requirements under GDPR.

Additionally, we suggest that they evaluate any third-party apps and vendors for compliance. If they are using any third-party services to gather or process customer data, they will need to check with those companies to verify they are GDPR compliant and will assist them with, among other things, site users’ data removal and portability requests.

GDPR Considerations for Your Weebly Cloud Apps

If you have built and deployed private Cloud Apps to any of your sites that are located in the EU, and your app uses “consent” as the lawful basis for data processing, the GDPR may require that you obtain conspicuous and affirmative end user consent before any personal data may be collected, transported, or used (to the extent originating from an end user located in the EU). Your app’s interface must include a data usage consent form so users know exactly how your app will use their personal data.

Weebly Cloud developers who are also data controllers are responsible for the protection of consumer data, no matter where it eventually resides. Please consult an attorney or take extra caution when launching software with known vulnerabilities and/or storing data. Likewise the GDPR may be relevant when your app uses code for data processing.

Additional Information

We have published new content to the Weebly Help Center to help you understand and prepare for GDPR. While written for Weebly’s direct customers, this content may also be relevant to you.

Moving Forward

We want to make sure that you and your customers are confident heading into May 25th, so if you have any questions about Weebly’s GDPR readiness, please reach out to your designated account manager, or business development contact, and we will be happy to help.

Please note that the information provided above is for general informational purposes only and does not constitute legal advice; it has not been prepared with your specific circumstances in mind and therefore may not be suitable for use in your business. By relying on the information contained in this message, you assume all risk and liability that may result.

Nothing in this article or the links provided herein constitutes legal advice. Please consult an attorney for recommendations on GDPR compliance for your site.

You can find the Weebly Data Processing Agreement here.
