GDPR is an acronym that stands for General Data Protection Regulation.
Basically, this is a series of robust data privacy laws that were crafted by the European Union to ensure the personal data of its citizens is protected by companies and organisations that operate in the EU and process personal user data. Examples of personal user data include name, email address, location data, IP address, social security number, sexual orientation, race, political beliefs e.t.c.
While on the surface GDPR only affects companies and organisations operating in the EU, upon closer inspection its scope is extraterritorial. This means there are instances where it can apply to any company in any part of the world. For instance, according to the laws, any company that offers a service or goods to individuals in the EU, regardless of whether payment is made for said goods or services shall be subject to these laws.
As an online entrepreneur, chances are that at one point or another you will serve the EU demographic in one way, as any property online is accessible to people from anywhere in the world. For this reason it is wise to make your website GDPR compliant.
GDPR Compliance – How To Get Ready.
Under GDPR, EU citizens have 8 basic rights. The compliance requirements for online entrepreneurs stem mainly from these basic rights. As a webmaster, here are some obligations you will need to fulfil for your platform to be considered GDPR compliant.
1. The right to be informed.
As a website owner you are required to inform your customers of any data breach within a period of 72 hours. Failure to do so will result in heavy financial penalties.
2. The right to access.
As a website owner you should establish systems that can provide your users with a detailed electronic copy of the data that you have on them upon request.
3. The right to rectification.
As a website owner, you need to comply with customer requests for rectification for inaccurate data either in writing or verbally. You also need to setup a process to ensure rectification is carried out promptly and without delay.
4. The right to erasure.
As a website owner you must, upon request, totally erase and expunge from your systems any customer’s personal user data.
5. The right to restrict processing.
As a website owner, you must halt any processing of user data once you receive a request to do so. In such cases, you can only store such data but never use it.
6. The right to object.
As a website owner you need to draft clear and concise policies and privacy statements for users to read through and choose whether to accept them or not. Users must consent freely given and their consent can be withdrawn at any time without any repercussions.
7. The right to data portability.
As a website owner you must, upon request, provide users with all of their personal data. The users have the liberty to use this data as they see fit in other platforms and environments outside your company.
8. Rights in regards to profiling, and automated decision making.
As a website owner you need to have a lawful basis for customer profiling. You also need to send users from whom you have received their personal data indirectly a copy of your privacy statement to allow them to give or deny consent to use their data.
Please note, these are just the basics. GDPR is considered one of the most complex set of laws ever produced by the EU. While studying and adhering to all the laws is going to be a challenge, it is definitely one that we must all embrace. Dedicate the time to understand what is required of you fully and take appropriate action. Right now, Mash Media is offering a once off fee to ensure your site is compliant.