How to get your website ready for GDPR

The General Data Protection Regulation (GDPR) is coming. With this law, the EU is strengthening and unifying the protection of personal data of all persons in the European Union.

Here is what it means, how it will affect people and businesses, and how to prepare for it.

What does GDPR mean?

GDPR (General Data Protection Regulation) is the EU regulation on the protection of the personal data of its residents. It significantly affects how online businesses will operate, not only in the European Union but also in Ukraine.
If a company violates the Regulation, it can be fined up to 4% of its annual global turnover (a figure that for some may mean billions) or up to 20 million euros.

A lower fine of 10,000,000 euros, or two percent of total sales, will apply to companies that fail to process data properly in other ways. These include, but are not limited to, failing to disclose a data breach, failing to build in privacy by design and ensure data protection from the first phase of a project, and failing to appoint a data protection officer where the organization is one of those required to do so by the GDPR.

In January 2012, the European Commission developed plans to reform data protection in the European Union in order to make Europe “suitable for the digital age”. After almost four years, an agreement was reached on what exactly was involved and how it would be applied.

  • How do you prepare a site to operate under the GDPR?
  • What changes should be made to the functionality and design of the site?
  • How do you properly prepare the Privacy Policy to meet the new requirements that enter into force on May 25, 2018 under the EU General Data Protection Regulation (GDPR)?
  • Are cookies considered to be personal data?
  • How do you build relationships with third-party services (Google Analytics, MailChimp, etc.) that hold data from your users?
  • Is it better never to store client data in a site's databases?
  • How should online payments now be accepted on the site?
  • What is a DPO, and does your business need one?

In fact, almost all aspects of our life revolve around data. From social media companies to banks, retailers and governments, virtually every service we use involves the collection and analysis of our personal data. Your name, address, credit card number and so on are all collected, analyzed and, most importantly, stored by organizations.

The GDPR gives individuals in the EU more control over the use of their data and places certain obligations on enterprises and entrepreneurs that process information about these individuals. To take the new GDPR requirements into account, it is necessary to update the Privacy Policy and notify all users of the site (those who left their data for feedback).

The GDPR establishes a single law throughout the continent and a single set of rules that apply to companies doing business in the EU member states. This means that the reach of the legislation extends beyond the borders of Europe itself, since international organizations that are located outside the region but operate on “European soil” will still have to comply.

Data Protection Officer
Under the terms of the GDPR, an organization must appoint a data protection officer (DPO) if it carries out large-scale processing of special categories of data, conducts large-scale monitoring of individuals such as behavior tracking, or is a government agency.

As for state bodies, a single DPO can be appointed for a group of organizations. Although organizations that do not fall into the categories above are not required to appoint a DPO, all organizations will need to ensure they have the skills and personnel necessary to comply with the GDPR.

Failure to appoint a data protection officer, if required by the GDPR, can be considered non-compliance and lead to a fine.

Consumers are promised easy access to their personal data and to information on how it is handled, and organizations are told that they need to describe clearly and in detail how they use customer information. This includes sending customers emails with information on how their data is used and giving them the opportunity to opt out if they do not consent. It is also possible to contact clients to ask whether they want to be part of the database. In these circumstances, the client should receive detailed information on how to opt out of the mailing list.

Organizations will be required to report any breaches that are likely to pose a risk to people's rights and freedoms and lead to discrimination, damage to reputation, financial loss, loss of confidentiality or any other economic or social disadvantage. This must be done through breach notifications delivered directly to the victims. This information may not be communicated only in a press release, on social networks or on the company’s website. It must be one-to-one correspondence with those affected.

  • Add more information about the features that you offer and how you use the information you collect to improve users' experience with the site.
  • Add additional information about the information you collect and how it is sometimes shared with third parties to improve users' experience with the site.
  • Add a new consent procedure so that EU users agree again to the use of your site or platform.
  • Consider updating some sections of the Privacy Policy to make them more understandable and concise.
  • State the date on which your new Privacy Policy enters into force, given that the improved data protection rights required by the GDPR come into force on May 25, 2018 for all users who are EU residents and individuals. Also let users know that if they object to the Policy after the effective date, they can close their account.

It is best if the notice is also included in the site's e-mails, for example: “The corrections listed above are only the most important points; we recommend that you read the fully updated Privacy Policy (link) to make sure that you understand these changes.”

The GDPR will apply in the European Union from May 25, 2018, and all member countries are expected to transpose it into their national legislation by May 6, 2018. From then on, the new GDPR data storage rules take effect.

SUPPORTING GDPR REQUIREMENTS ON SITES RUNNING CMS WORDPRESS, JOOMLA OR DRUPAL

Does your site run on CMS WordPress, Joomla or Drupal? Then the fastest way is to install a commercial GDPR-readiness plug-in for your website. The price is $20-45. A solution will soon be available for CMS Magento, PrestaShop, OpenCart, Bitrix, Cs-Cart and MODX.

In other cases, contact us; a solution can always be found. It can be implemented as part of the technical specification for finalizing your site.
