GDPR simplified

Sasank Thaliyil | July 26, 2018

I have been hearing about GDPR and its privacy-policy updates for the past few days. Here is my understanding.

First, what is GDPR?

GDPR stands for General Data Protection Regulation. GDPR is a new regulation approved by the European Commission which states that if a website or digital platform collects or stores data related to an EU citizen, it must comply with the following:

  • Tell the user who you are, why you collect the data, and how long it will be stored.
  • Get clear consent before collecting data.
  • Let users access & delete their data.
  • Let users know if a data breach occurs.

It applies to organisations in all member states and has implications for businesses and individuals across Europe and beyond.

 

What is GDPR compliance?

Under the terms of GDPR, organisations will not only have to ensure that personal data is gathered legally and under strict conditions; those who collect and manage it will also be obliged to protect it from misuse and exploitation, to respect the rights of data owners, and to face penalties if they do not.

 

Who does GDPR apply to?

GDPR applies to any organisation operating within the EU, as well as any organisations outside of the EU which offer goods or services to customers or businesses in the EU. That ultimately means that almost every major corporation in the world will need to be ready when GDPR comes into effect and must start working on their GDPR compliance strategy.

 

How to make your software/websites GDPR compliant?

The main steps to take care of when building websites or online platforms for a global or European audience are:

  1. Create a Privacy Policy. Provide the privacy policy link in the main menu. Do not copy and paste a Privacy Policy from another site; write privacy terms that are specific to your own site.
  2. Contact third-party services for information about their compliance. You will need to list any information about third-party services in your Privacy Policy.
  3. If you gather email addresses as part of a newsletter or subscription service, you must provide the ability for people to opt out or unsubscribe. You should also ensure that any signup forms inform users of what data you gather and how it is stored and used. If you’re using a third-party email service such as MailChimp, you won’t need to worry about these features, since it will provide the required options and settings for you.
  4. Ensure that your site is served over HTTPS rather than HTTP. Contact your hosting provider to get an SSL/TLS certificate.
  5. Check whether any plugins on your site are no longer maintained by their author. They might be using outdated methods to store user data and may not be GDPR compliant.
  6. Cookies: if cookies on your website store user information to identify users and show them personalised suggestions, that information is considered personal data. This means that if you’re using Google Analytics or similar services, you need to comply with GDPR.

 

GDPR is an issue for the internet as a whole. If you have a proper privacy policy, do not store user data unnecessarily, and allow users to see and delete their own personal data, you make your website more compliant and you don’t need to worry about GDPR.