GDPR (General Data Protection Regulation) has been on the lips of everyone for quite some time now, and law firms like Sidley Austin are here to help those in need of keeping GDPR compliance. But why exactly does your business website need to be compliant?
First of all, what is GDPR?
GDPR is the replacement for the 1995 Data Protection Act. It was designed and adapted in 2016 with the aim of protecting how personal information of European Union citizens is collected, stored, and shared. It came into full effect last May.
Who does GDPR apply to?
- GDPR basically applies to anyone who makes use of data and resides in the EU. Even non-European Union citizens will still be affected by GDPR.
- This is because nearly every company that one deals with, especially online, tend to have customers that reside in the EU.
- The driving goal behind GDPR is to ensure that companies who deal with personal information of customers are completely transparent on how they intend to use customers’ info, as well as how such info will be preserved.
- The reason for all this fuss is to guarantee the utmost protection of user data and grant individuals more control of their personal data.
Types of data that the GDPR protects include:
- Basic identifying info, for example, username, given name, address and ID numbers
- Web data, e.g., location, IP address, cookie data and RFID tags
- Health information and genetic details
- Biometric data
- Racial or ethnic data
- Political affiliations and opinions
- Sexual orientation
Why It’s So Important to comply?
As noted above, the GDPR has a good deal of impact on not just EU based entities but extends to every business dealing with clients within the region, and this includes data controllers and processors alike.
Failure to comply with the rules and regulations will attract fines of up to 4% of the global revenue.
Organizations may also have to give up 2% of the global revenue for either failing to maintain the records, failure to inform authorities or users of the breach of the said data.
The GDPR places equal liability on both data controllers and data processors alike. If a company uses a non-compliant third-party, then that organization is effectively non-compliance. Also, organizations are tasked with the burden of informing all of their customers of their rights under GDPR.
How to keep your website GDPR compliant?
- First of all, review all personal customer information that you and your third-party partners collect, store on your website and distribute, and understand what processes are needed to be built into customer experience as well as the risks they may pose.
- Second, ensure your site always asks for and receives consent in clear terms before you collect anyone’s personal data. Implied consent doesn’t count.
- Third, in data processing, ensure to tell people exactly what you are using their data for.
- Fourth, consult your attorney to ensure compliance with all your processes with GDPR, and that personal user info can be removed either after its intended use or on request.
- Fifth, an individual has right to access all of the data that your organization has of them.
Need some help? Contact SOLSNET and we can make sure your website is GDRP compliant so that you don’t have to worry about it.