First of all, let’s begin with some general information on what GDPR really is. GDPR, the General Data Protection Regulation, is a new regulation created by the EU so that people have more control over the information they share and over how their personal data is used. All in all, it toughens data protection legislation. A secondary purpose may also be that the EU wants businesses to operate in a clearer environment. The GDPR will come into effect on 25th of May, 2018, in all EU member states.
When it comes to personal data, the European Commission defines it as “any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a photo, an email address, bank details, your posts on social networking websites, your medical information, or your computer’s IP address.” (europa.eu/rapid/press-release_IP-12-46_en.htm)
With this regulation, much stronger rules come into existence, and they are bound to change how companies have approached data privacy until now.
What does GDPR mean for the users?
For instance, from now on users will have to give their consent before their data is collected; the kind of data that is stored has to be stated plainly, and there has to be a clear explanation of the purpose for which it is used. Users will also have the option to object to the use of their personal data. We are likely to share far more information online than we even realize, and most of the time we don’t pay the required attention to privacy. This enforcement will also shed more light on the topic.
Where will GDPR be applied?
This law applies to all EU citizens, meaning that even a non-EU website that receives EU visitors has to comply. There are two terms we need to take into consideration: “personal data” and “processing of personal data”. We should also familiarize ourselves with the terms “controller” and “processor”, which describe where GDPR applies. The controller refers to the organization that collects the data, and the processor refers to the organization that processes the data on behalf of the controller. If a processor is involved in a data breach under the GDPR, its liability is a lot greater than it used to be under the Data Protection Act.
What if my site is not GDPR compliant?
There will also be penalties for those that have not complied by May 28th. From then on, controllers must make sure that the personal data they collect is gathered for an exact purpose, transparently and lawfully.
SAs (Supervisory Authorities) are to be set up. How many SAs will or can be set up depends on each member state’s administrative and organizational structure. These SAs will have various functions, such as the right to conduct audits on websites, to issue warnings and to impose measures where they see the need, i.e. where a website is not compliant.
With all this in mind, organizations and companies have started preparing for the GDPR.
In a separate article, we took a deeper look at how GDPR will affect WordPress CMS websites and what is actually required in order to be compliant.
The question is: what can you do to be compliant?