When you run a website or online store, you need to stay up to date with the law that applies to it. Knowing and applying it can protect you from a penalty.
Soon, on May 25, 2018, the EU regulation on the protection of personal data, known as GDPR, becomes applicable. In Poland it replaces the current Personal Data Protection Act and the regime enforced by GIODO (Inspector General for Personal Data Protection).
What is GDPR and who does it apply to?
The General Data Protection Regulation, abbreviated as GDPR, introduces uniform rules for the processing of personal data and for its free movement within the European Union.
It applies to all entities, private and public, that collect or use personal data; the legal form of the business is irrelevant.
The regulation does not apply only where a natural person processes data purely for personal or household purposes; any processing connected with a business or a website falls within its scope.
It therefore applies not only to companies as legal entities but also to the websites they operate. Administrators will have to introduce new security mechanisms. Personal data is not only basic details such as name and address; it is any information by which a specific natural person can be identified, directly or indirectly, which includes online identifiers such as an IP address or a cookie identifier.
New rights and obligations
As the owner of a website or online store, once GDPR applies you will have to follow these rules:
the right to be forgotten (right to erasure) - a person whose data is in your system may request its complete deletion; you must comply unless another legal basis, such as a statutory retention obligation, requires you to keep it
the right to data portability - the user of your website may request to receive his or her data in a structured, commonly used, machine-readable format and to have it transferred to another controller
privacy by design and by default - designing company systems so that data protection is built in from the start and, by default, only the data necessary for each purpose is processed
breach notification obligation - in the event of a data breach (theft, loss or unauthorized disclosure), you must notify the supervisory authority no later than 72 hours after becoming aware of it, and inform the affected persons without undue delay when the breach poses a high risk to them
new consents - when collecting personal data on the basis of consent, the consent must be freely given, specific, informed and unambiguous, and the user must be able to withdraw it at any time as easily as it was given
contact form - in many cases it is enough to add one clause containing consent to the processing of the submitted data, together with information on who processes it and why
newsletter - the user must separately consent to the processing of his or her data for information or marketing purposes; a pre-ticked box is not valid consent
user registration - requires the collection and storage of personal data in the company system; the user must be able to view that data and withdraw consent to its processing
risk of financial penalty - in the event of breaking the rules, the administrator (controller) is exposed to a high financial penalty
GDPR on websites
Most websites today conduct online marketing and collect user data. Because of this, it will be necessary to place information clauses explaining the purpose of processing personal data and the legal basis for it.
They should state whether customer profiling or remarketing takes place.
When analytical tools are used, the information should name the supplier and the technology used. The clause must also describe the user's rights and name a contact person for data protection matters; in the cases the regulation specifies (for example, large-scale regular monitoring of individuals), a Data Protection Officer must be formally designated.
Until now, websites displayed a cookie policy or a privacy policy. GDPR covers the content of both of them. Website security remains the responsibility of the owner, who as the controller may cooperate with an interactive agency (acting as a processor) but cannot delegate that responsibility.
GDPR and running an online store
As you might guess, the new regulations will also affect the e-commerce industry. The regulation lists a great deal of information that must be made available to the person whose data is concerned, and provides detailed guidelines that must be followed when processing personal data.
In the case of online stores, special emphasis is placed on informing the user about their rights and about how their data is processed. The information must be clearly visible, concise and written in plain language.
Another principle important for online sellers is data minimization: store only the data that is necessary for the purpose, and only for as long as that purpose requires (storage limitation), then delete it. This avoids processing unnecessary data and limits the damage if a breach occurs.
Penalties for non-compliance with GDPR regulations
From May 25, 2018, entrepreneurs and website administrators are expected not only to be familiar with the regulation: from that day on, data must be processed in accordance with its rules. One should therefore expect a possible inspection, carried out by the supervisory authority (in Poland, the President of the Personal Data Protection Office, the successor of GIODO). Failure to comply with the obligations is subject to a financial penalty.
For the lower tier of violations the penalty is up to EUR 10 million, or in the case of an enterprise up to 2% of the total annual worldwide turnover of the preceding financial year, whichever is higher; for the more serious violations (for example, breaching the basic principles of processing, the conditions for consent or the rights of data subjects) the ceiling is EUR 20 million or 4% of turnover. Penalties may also affect a certifying entity in the case of violations of the provisions on certification. The following violations are subject to.