The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection & privacy for all individuals within the European Union. It was approved by the European Parliament on 14th April, 2016 and its coming into effect on 25th May, 2018. It applies to all companies that process personal data about individuals in the EU, regardless of where the company is based. Processing is defined broadly and refers to anything related to personal data, including how a company handles and manages data, such as collecting, storing, using and destroying data.
In this, Companies need to ask for their data in a clear and accessible way .i.e. after the amendment of this rule, any organization handling European’s data should use client’s data with his permission and inform him about its usage at every point, otherwise that organization will get affected. The Social Network’s GDPR preparations are focused on three cornerstone commitments: Transparency, control and accountability. The EU Guidance outlines four main requirements for Cookie Consent Guide for Sites and Apps.
-
Specific and based on appropriate information
-
Given before using cookies or other storage technology to collect information
-
Unambiguous
-
Freely given
Examples of publishers who might need consent:
-
A retail website that uses cookies to collect information about the products people view on the site in order to target ads to people based on their activity on the site
-
A blog that uses an analytics provider who uses cookies to capture aggregate demographic info about its readers
-
A news media website that uses a third-party ad server to display ads, when the third party uses cookies to collect information about who views those ads
-
A Facebook advertiser who installs the Facebook or Atlas pixel on its website in order to measure ad conversions or retarget advertisements on Facebook
Hope, this makes you bit clear about GDPR. Now, let us share few important tips to be GDPR complaint and avoid fines.
Tips to avoid fines:
-
Organize the data: This means all the data stored of customer are organized well and accessible to customer, whenever required. This will help you to provide data to investigator, if any compliance audit happens.
-
Make sure data is secure: To do this, you need start checking on data security and possible threats of data theft. You need to have a check on anti-virus software, firewall etc. Also, the hard copies of data need to be in secured. Also, record the safety measures you have put in place.
-
Don’t keep unnecessary data: You can’t hold any data without any logical reason. So, in case you have any data which is without consent or of no use, destroy it.
-
Write a clear fair data processing policy: This you would already have in the form of privacy policy. Now, you need to amend it in a way that user can easily read about the data collected, source of data collection, reason of data collection, the processing done over it, with whom it will be shared, will it affect individual concerned and time limit to use the data. Write this in a layman terms and avoid using jargons.
-
Have a process for providing information you have on a person: A process is necessary to be made through which users can access the information stored about them.
-
Have a process for deleting data: So, if someone asks to delete their data, a process should be in place, through which it can be done with no residual left. It is a compliance to delete the data, if user wants that to be done.
-
Allow people to “positively opt in” to you storing their data: If you planning to use their data for marketing, then they should be asked to opt for that activity. It cannot be like a pre-tick box, where user just needs to click on “Yes I agree”. But now, user needs to tick on data points they want to share. Also, have an evidence of the opt-in. Also, use layered opt-in form.
-
Make it easy opt-out: User should be easily able to opt out of your marketing activities. Like, if you are sending an e-mail, make sure you add footer with a link to unsubscribe.
-
Ask old users to opt-in again: All past customers, whose data is already on your system, should be sent a notification to opt-in to continue using their data.