GDPR: All you need to know

Silence is not consent

The user of a site needs to give affirmative consent before his/her data can be used by a business.

  • Businesses will need to clearly inform the user about such transfers
  • Businesses will be able to collect and process data only for a well-defined purpose. They will have to inform the user about new purposes for processing
  • Businesses will have to inform users without delay in case of a harmful data breach
  • The user will be able to move his/her data, for instance to another social media platform
  • The user will have the right to access and get a copy of the data a business holds on him/her
  • Users will have a clearly defined “right to be forgotten” (right to erasure), with clear safeguards

Source: europa.eu/dataprotection

So what does this mean? Ultimately, if you plan on building a website, these are the main things you must consider.

Communication

Tell users who you are when you request data, why you are processing their data, how long it will be stored and who receives it.

Consent

If you require their data, consent should be given by a clear affirmative action.

Access and Portability

Users should have access to their data and should be able to give it to another company if they so wish.

Warnings

Inform people of data breaches if there is a serious risk to them.

Erase Data

Honour the ‘right to be forgotten’ if users ask, but only if it doesn’t compromise freedom of expression or the ability to research.

Profiling

This applies to processing applications for legally-binding agreements such as loans (please refer to ec.europa.eu).

Marketing

Give people the right to opt out of direct marketing that uses their data.

Safeguarding Sensitive Data

Use additional safeguarding measures for information such as health, sexual orientation, race, religion and political beliefs.

Children’s Data

You must get parental consent if the user is under 16. (Some EU Member States have lowered this threshold, so double-check if you plan on having a site aimed at a younger demographic.)

Data Transfer Outside the EU

Legal arrangements should be made when transferring data to countries that have not been approved by the EU authorities.

For more information please consult the European Commission Site.
