The General Data Protection Regulation (GDPR) standardizes data protection law across the entire European Union (EU) and European Economic Area (EEA) to better protect users’ personal data and digital privacy. The regulation went into effect on May 25, 2018. The GDPR applies to any business, regardless of location, that offers products or services to citizens of the EU and/or has web traffic from the EU.
Important highlights from this new regulation:
Many of these conditions can be met with a thorough and clear privacy notice.
Your terms and conditions must be concise, transparent and easily accessible, so that visitors are notified of your data collection.
The GDPR requires companies to design their systems with the proper security protocols from the outset. If you fail to design your data collection systems correctly, your organization could receive a fine.
Right to Data Access
Site visitors have the right to request their data profile. If they do so, you must provide a complete and free electronic copy of the data that you’ve collected on them and how you’ve used it.
Right to Data Deletion
After someone receives this data, he or she has the right to request that it be totally erased.
Potential Data Protection Officers
Depending on the size of your organization and how you currently collect and use digital data, you may need to appoint a data protection officer (DPO).