GDPR

On: Comment: 0 Hit: 561
App icon

New GDPR Law
(General Data Protection Regulation)

Are you wondering if future GDPR legislation will have any impact on how you collect customer data?
We have to warn you, it will certainly have.

Image

This is the most rigorous data privacy law ever introduced. It will affect all businesses dealing with customers within the European Union, not only the EU-based companies. This law is scheduled to enter into force on May 25, 2018. If you want to avoid large fines (in some cases up to 4% of your company's annual turnover or 20 million euros, whichever is big!), It's time to adapt your data processing policy to EU requirements.

image

What are personal data?

Any information relating to an identified or identifiable individual. An identifiable individual is one that can be identified, directly or indirectly, particularly by reference to an identifier, such as a name, an identification number or a location.

GDPR treats online identification and location data as personal data, so they require that they be protected in the same way as other identifiers, such as information about a person's genetic, economic or psychological identity. Cookies are included in the field of online identifiers as well!

GDPR affirms that all cookies may be considered personal data if there is the potential to use them to identify a person.

Basics GDPR rules:
A person must receive accurate information about all relevant aspects such as the type of data to be collected or processed and for what purpose. The agreement is necessary for the processing of particularly sensitive data.

.

The right to be forgotten

All subjects have the right to withdraw their data from a database upon request.

.

Sanctions

Violation of the law may result in fines up to 20 million euros.

.

If you break the law

The data operator must inform users within 72 hours of data breach or hacking.

.

Parental Agreement

Companies can not collect data from children under 16 without verifiable parental consent.

.

Data Protection Officer

If a company manages a large amount of sensitive data, it will be required to appoint a data protection officer.

.

The request must be easy to understand

The application for user approval for data processing must be made in an easily, accessible and written form, simple language.

image

From now on, you will need the users' contribution.
Once the new law enters into force, you will need to provide users with a clear, informative and unambiguous indication through which they can express their consent to the processing of personal data.

In GDPR, there are many clues as to what best practices should look like when looking at web analytics. We will try to summarize them for you and present them as steps you can follow to prepare your web analytics for future legislation:


Your visitors should be able to give up at any time
Even after you have obtained valid visitor approval, you must provide an easy way to change their mind. It should be as easy to withdraw the consent as it is to give it. The person concerned has the right to withdraw his / her consent at any time. This does not affect the lawfulness of the processing on the basis of consent prior to its withdrawal. Before making a contribution, the data subject must be informed of this.

image

What you need to know now is that the decision on how you want to apply these rules and respond to your users' requests depends on you. But it goes without saying that the best web analytics service provider should assist in fulfilling the obligations that will impose GDPR.
How to Find out if your business partner has an ear on the spot and is properly prepared for future legislation?
We advise you to contact your web analytics distributor and check how they will address this issue. If they can not answer your questions, it's time to think about finding another solution

It's time to act now!
GDPR will impact both data controllers (e.g., a company) and data processors (e.g., cloud provider). It was created to act in the interest of targeted individuals (for example, clients or visitors to your site). The new regulations concern not only European companies that work with personal data, but also any other non-EU company wishing to offer its services to its customers in Europe. Their privacy policy must be based on the new conditions presented by the European Commission.

Comments

Leave your comment