Learn more about the new personal data regulations and what your business can do about them.
Beginning on May 25, 2018, the European Union (EU) enforces the General Data Protection Regulation (GDPR).
All companies, regardless of the country where they are located, must comply with this new regulation when handling the personal data of any EU citizen and of anyone living in the EU.
The consequences of non-compliance are significant, including fines of up to 20 million euros.
What is personal data?
Personal data is any information relating to a natural person, or “data subject”, that can be used to directly or indirectly identify that person. Some examples: name, mailing address, email address, photo, IP address, bank details. Any piece of information about a person that, by itself, can be used directly or indirectly to identify that person is considered personal data and must be handled in a secure manner.
Some things to consider:
- When handling personal data, it is critical that you use the data only for a purpose that is “… compatible with the purpose for which the personal data was initially collected”. Example: a customer orders a meal to be delivered to their home and provides their mailing address. The company can only share the address with the post office. The company cannot share it with other companies unless the customer has specifically given permission to share their address. This permission must be explicitly given, with “opt-out” as the default.
- Keep personal data only as long as it is needed.
- Personal data must be stored in secured places. It cannot be stored in unsecured places such as Google Docs, Dropbox, LinkedIn, SurveyMonkey or SlideShare. You can use OneDrive or SharePoint, for example, or secured mail.
- Personal data should never be printed or downloaded to removable media unless it is encrypted.
What can you do?
- Review and update your privacy policy. You must communicate to individuals the legal basis for processing their data, the retention periods, their right to complain when they are unhappy with your implementation, whether their data will be subject to automated decision making, and their rights under GDPR.
- Make sure your customers must actively check a box (opt-in) to subscribe, rather than a passive opt-in that is already pre-checked.
- Each consent checkbox for email should be accompanied by a clear explanation of the planned usage.
- If your customers are downloading resources from your website, you need to ask for separate permission to process their data for other purposes, such as sending a newsletter or marketing information.
This blog post is purely for information; please contact your local legal advisor for legal guidance. To read more about the regulation, go to the following links:
https://eugdpr.org/key-changes.html
https://www.codeinwp.com/blog/gdpr-compliance/