The European Union’s pledge to make its citizens’ digital lives much more secure and free of data breaches has brought the GDPR, or General Data Protection Regulation, into existence.
It is a set of rules for every website that serves content, services, or any other digital resources to people of the EU. Its framework calls for reforms in how personal data is collected from citizens of the EU and how it is handled by the website or service owner.
Enforcement began on 25th of May, 2018, and has already entangled the tech giants Google and Facebook in lawsuits worth 8.8 billion. They are alleged to not comply with the guidelines “enough”.
Here are a few general FAQs regarding GDPR:
No. Even if your business and/or website is not located in the EU but affects the citizens of the EU in some way (basically, exists on the internet), you are obliged to comply.
Moving beyond the present definitions of personal data such as age, name, and email address, GDPR also recognizes certain parameters like biometric information, genetic data and IP addresses as personal data.
If a company doesn’t comply with the regulations, it will be penalised depending upon how severe the misconduct under GDPR is. The fine could be as great as 20 million EUR or four percent of a company’s annual turnover. It is a severe fine in any case if you are found not complying with the regulation, and it can mean a heavy loss of funds for small businesses.
GDPR - Important Compliance Changes To Be Made:
If you have a contact form on your website for a purpose as simple as collecting an email address from the site visitor, you need to specify that you are collecting this email address for communications.
Specifying the same for contact numbers and other forms of contact information is necessary under GDPR. A simple example of stating it could be:
“We will be communicating with you with your submitted contact details”
In addition to this, a checkbox capturing the user’s consent to receive marketing emails, SMS, calls, etc. will be mandatory. If you want the user to subscribe to newsletters, they will agree by ticking the checkbox.
If you have a newsletter service that constantly sends out emails to a list of subscribers who have voluntarily given you their email information, you must obtain a confirmation of the same.
If the subscribers agreed to receive marketing emails from you before May 25, you will have to send out another email to everyone in which you obtain a confirmation that your subscribers still wish to receive marketing emails from you.
If the subscribers don’t confirm the same to you, you must deem them “unsubscribed”. From then on, you won’t be allowed to send any more emails to these subscribers.
The confirmation can be taken by simply sending out a web page link; by clicking on it, the user confirms that they want to maintain their newsletter subscription status.
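One way to build the confirmation link described above so that a click cannot be forged or replayed long after the email went out. This is an added example, not code from the original article; the HMAC-signed token format, the 30-day expiry, the `example.com` endpoint and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Assumptions: a constructed demo key, a 30-day validity window and a
# hypothetical confirmation endpoint. Load the real key from a secret store.
SECRET_KEY = b"constructed-demo-key-not-for-production"
TOKEN_TTL = 30 * 24 * 3600
BASE_URL = "https://example.com/newsletter/confirm"


def _sign(payload: bytes) -> str:
    mac = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")


def make_confirm_link(email: str, now: int) -> str:
    """Build the link that goes into the re-confirmation email."""
    expires = now + TOKEN_TTL
    addr = base64.urlsafe_b64encode(email.lower().encode()).decode().rstrip("=")
    return f"{BASE_URL}?t={addr}.{expires}.{_sign(f'{addr}.{expires}'.encode())}"


def verify_token(token: str, now: int):
    """Return the confirmed email address, or None if forged or expired."""
    try:
        addr, expires, sig = token.split(".")
        expected = _sign(f"{addr}.{expires}".encode())
        # Constant-time comparison first; expiry is only trusted once signed.
        if not hmac.compare_digest(sig, expected) or now > int(expires):
            return None
        return base64.urlsafe_b64decode(addr + "=" * (-len(addr) % 4)).decode()
    except (ValueError, TypeError, UnicodeDecodeError):
        return None


def apply_reconfirmation(subscribers: dict, clicked_tokens: list, now: int) -> dict:
    """Anyone without a valid click is deemed unsubscribed."""
    confirmed = {verify_token(t, now) for t in clicked_tokens}
    return {email: ("subscribed" if email in confirmed else "unsubscribed")
            for email in subscribers}
```

Serve the link over HTTPS only, and store the time of each valid click alongside the subscriber record so the confirmation can be shown later.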
The use of HTTPS protocol for ensuring the integrity of the collected data is also a prime concern under GDPR. Website owners are expected to keep the data safe and in an encrypted format after collection from users.
Website owners who rely on third-party software such as WordPress, MongoDB, MySQL and the like need to ensure that the software providers themselves comply with the GDPR laws.
In a nutshell, if you’re going to collect data from your users, you will be liable to protect it and ensure that it doesn’t fall into the wrong hands. GDPR is all about protecting user interest and giving the privacy of their data its due importance.
So, go ahead and make these changes to your website quickly, as the deadline of May 25, 2018, has already passed. You will receive several updates regarding the privacy policies of the companies you have already subscribed to; make sure you read them carefully.
Chhavi is the Founder and Partner at Dikonia. She is passionate about delivering beyond expectations and crafting rewarding experiences. Her company provides innovative IT solutions including custom SaaS offerings that streamline workflow as well as development and design services in keeping with latest buying and market trends. Chhavi holds a Master of Computer Applications from Punjabi University.