A European Union directive has started to make waves among website owners, bloggers and especially among companies that own online shops or other platforms that collect, store and process personal or confidential user data.
What is GDPR (General Data Protection Regulation)?
The introduction of GDPR (General Data Protection Regulation) on 25 May 2018 implies major changes in the way organizations and companies store and handle personal data. For everyone's sake, the new regulation imposes strict rules on companies and individuals who store the personal data of customers, users, business partners or other people they interact with. The law applies both online and offline, giving more transparency and control to the people whose data is stored and processed.
With the introduction of GDPR, any person has the right to know whether a company processes their personal data, the purpose for which it is used and how the data is secured so that it does not reach third parties or other entities. At the same time, people are given access to the stored information, with the possibility of modifying or even deleting it.
GDPR: Consent on data storage and the purposes for which it will be used
According to GDPR, people need to be well informed when they give their consent to data processing. The processor has to inform the person about the data that will be stored and has to obtain consent for each category of data.
Prior to GDPR, things were totally different. A checkbox ticked by default allowed the processor to use our personal data for whatever purposes it wanted, without being held accountable.
If you have ever been contacted by N health insurance or other insurance firms after opening an account with a bank, this will no longer happen after GDPR comes into force, unless you explicitly state that you want offers from the bank's collaborators and partners. If you have given your consent and after a while change your mind, the processor must provide a means by which you can withdraw it very easily at any time.
In the coming period, banks will also have to send notifications to all clients asking for permission to store and process their personal data.
The same consent must also be obtained by online stores, websites that store personal information, forums, or other online platforms that involve the storage of user data.
Taking the online case, first and foremost, even if you do not own the online store, you will be informed from your first visit about the data stored about you: the types of HTTP cookies retained by the website, online behaviour tracking codes (Google Analytics, Google AdSense, Facebook, etc.), logs in which your IP address is stored, and other information about everything related to your online identity.
When you order a product, the company that owns the online store must not ask for more personal data than needed to process your order, and must not use your email address or phone number for marketing purposes without your consent for these practices. If you created an account when you placed an order, you have the right to access your personal account information at any time, modify it or delete it.
Subscribing to newsletters will be done only with the explicit consent of the user, with the option to unsubscribe at any time.
Another important GDPR requirement concerns the period during which personal data can be stored. It can no longer be stored indefinitely, as it used to be, but only for a defined period of time.
GDPR: Security of personal data
GDPR places great emphasis on users' privacy. The company must ensure high security standards according to the sensitivity of the stored data: pseudonymization, encryption and clear designation of the staff who will have access to personal data. The company will notify the authorities of the persons designated to process and handle personal data.
In the case of a security breach, the company must notify within 72 hours both the competent authorities and the persons affected by the data leak. An impact report will also be drawn up, assessing the risks and damages to the persons whose information has been stolen or leaked to third parties.
DPO – Data Protection Officer
Who can be a DPO? Well, from what we understand, the DPO cannot be a person inside the company because it would be a conflict of interest. It needs to be a person outside the company, with thorough knowledge of European legislation, national legislation and IT data storage techniques. He may be an IT lawyer or a server administrator who learns the legislation.
With regard to DPO / GDPR, many companies "specialized" in this legislation have emerged online overnight. Some with years of "experience" in implementing regulations that did not even exist until 2016.
Greater attention should be paid by companies that receive such offers from these firms, or from people who recommend them as GDPR and DPO experts. Most were just created to exploit this new regulation for revenue purposes. So beware if you represent a company and have received such offers.
Sanctions in case of non-compliance with GDPR regulations
Sanctions apply equally in all countries within the European Union, through the competent administration of each country. They will be applied gradually, depending on the severity and impact of the non-compliance with GDPR. As far as we can see, these sanctions can go up to 4% of the turnover of the sanctioned company. Sanctions may be appealed and may be the subject of legal proceedings.
GDPR on-line – Blogs, Online Stores or other websites
- Who owns the website or the online store
- What personal data are collected and why they are collected
- Cookies – a list of the cookies that the website uses, including those of social networks and analytics services (Facebook, Google Analytics, Twitter, etc.)
- Who are the third parties who have access to personal data and for what purposes?
- The contact details of the company owning the website / online store
- The amount of time that personal data is stored
- Simple methods for users to delete or export their personal data from the site
- How is personal data stored?
- Rights and obligations of users
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
What is personal data?
Any information by which a person becomes identifiable, such as name, phone number, email address, location, IP address of the computer/smartphone/tablet, MAC address of the network card, and physical, physiological, genetic, mental, economic, cultural, social, political and other characteristics.