Odden > Writings > Security > GDPR and You // Are you ready?

GDPR and You // Are you ready?

Posted by: Darren Odden
Category: Security
Paris Gargoyle

Share if you would...

Approx. 2 minute read

GDPR // General Data Protection Regulation

None of this is considered legal advice. I strongly advise you speak to your legal representation to understand how this affects you.

In 2016, the EU passed legislation that protects all citizens of the European Union, starting May 25, 2018. What does this mean?

The law takes protections from the previous Data Protection Directive and extends it to provide a directive to how data can be handled and stored through data Processors and Controllers.

The key to the nature of the GDPR is the right for a citizen to become forgotten on the internet. It can be easy enough to comply if a person uses proper user experience practices.

Example – Use affirmative opt-in for email list signup.

The above means that a person needs to explicitly request placement on specific email newsletters, including 3rd party offerings. Your wording needs to be clear and distinct.

Some key points to the GDPR include:

  1. Consent
  2. Breach Notification
  3. Right to Access
  4. Right to be Forgotten
  5. Data Portability
  6. Privacy by Design
  7. Data Protection Officers

Terms of Use, Privacy Policies, and Cookie information can no longer reside behind legalese. It must be easily read and understood by the standard website user.

Breach Notification

Within 72 hours of learning of a security breach, users must be given notice so they can take proactive care of their personal information.

Right to Access

Data subjects can request the data controller confirmation as to whether or not personal data concerning them is processed, where and for what purpose. The information processed must be made available via electronic format for free from the data controller.

Right to be Forgotten

Known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her data.

Data Portability

Introduction of Data Portability means the data subject can request a machine-readable format of their data so is transferred another data controller.

Privacy by Design

Privacy by design calls for the inclusion of data protection from the beginning of the designing of systems, and not later as an afterthought.

Data Protection Officers

Internal record keeping requirements as further explained below, and Data Protection Officers (DPO) appointment will be mandatory only for those controllers and processors whose core activities consist of processing operations which require monitoring of data subjects.

Is there a simple way to break this down?

I have found two resources if have found helpful that make it easier to learn if you are compliant and what that means.

www.eugdpr.org
This site provides an overview of the GDPR legislation.

gdprchecklist.io
This site provides a checklist that might help you learn about your compliance.

Contact your legal counsel

I cannot stress enough using legal counsel to ensure your protection. The fines can be quite steep and particularly significant if you are dealing with user information in any manner with a citizen of the European Union.

I am not providing legal advice in any matter – only bringing awareness of the GDPR.

Share if you would...

Author: Darren Odden
A lifetime of design and development background and a passion for the user's experience. Combined with business and marketing skills, I harness all of these skills to collaborate and empower clients and their customers.