PROPERTIES, FINANCE & TECHNOLOGY NEWS AND BLOG

Disclaimer

GDPR is the European General Data Protection Regulation. Compliance with the GDPR will depend on the specific facts of an organization’s business, operations and use of data.

In this blog, I will try to set out discussion points that may be useful in developing an organization’s GDPR compliance efforts from the perspective of website/application owners and developers, covering how to deal with accessibility and user data management and their relationship with GDPR.

What I discuss here is not intended to be legal advice, guidance or recommendations. An organization should consult with its own legal counsel about what obligations it may or may not need to meet. It is all based on the presentation on the subject that I deliver to my clients in Europe.


Historical Overview

Before 25th May 2018 we had:

  • Data Protection Act 1998 (DPA)
  • Privacy and Electronic Communications Regulations 2003 (PECR): additional restrictions on direct marketing by electronic means (phone, fax, email, text, video messaging), rules on cookies, etc.
  • Regulation of Investigatory Powers Act 2000 (RIPA): covers ‘interception’ of communications (e.g. monitoring employee emails or internet usage)

Since 25th May 2018, the new EU General Data Protection Regulation (GDPR) has required all organisations that hold data relating to EU data subjects to manage the data on their customers, employees, contacts and any other relevant persons more effectively, whether it is held on digital media or in traditional paper format.

GDPR and IT Governance apply to all verticals, all sectors, all organizational sizes.
There is no current formal certification for GDPR. ISO 27001 does not cover all of the new directives. BS 10012 is the new certification for GDPR; however, it is not easily available in most of the EU member states.




Natural person = a living individual

Natural persons have rights associated with:

  • The protection of personal data
  • Protection with regard to the processing of personal data
  • The unrestricted movement of personal data within the EU

Articles 1-3 deal with the who and where of personal data that is processed wholly or partly by automated means, or personal data that forms part of a filing system or is intended to.

The Regulation applies to controllers and processors established in the EU irrespective of where the processing takes place. It also applies to controllers outside the EU, anywhere in the world, that serve EU citizens.


GDPR Importance

The GDPR is broadly the same as the DPA (Data Protection Act 1998) but extends obligations and potential liability to data processors and controllers. The protections apply to any organisation (anywhere in the world) that processes the personal data of EU data subjects. Below are two important reasons why it is so important for organisations to comply.

  • Significant impact on organisations that capture user data and on how they manage the acquired data, with some potentially very large penalties for violations, set at 20 million euro or 4% of global revenues
  • Impacts the storage, processing, access, transfer, and disclosure of an individual’s data records

GDPR also covers security, legal, compliance, risk, data management issues and much more…


GDPR – the value proposition

While there are challenges in complying with GDPR, organisations will need to fully develop their approach to avoid reputational damage and fines.

GDPR will force changes in the way we manage user data and is possibly a once-in-a-generation opportunity to transform the way organisations are compelled to manage data. It has many benefits that support digital transformation outcomes and will create IT opportunities for developers:

  • Newer web tools and web standards are required in the CMS and email marketing platforms we engage with today
  • It impacts all web applications and email processors for owners and administrators, and therefore brings extra revenue for those that deal with fixing them or finding good solutions.



Organisational Data Governance

  • Need: to understand what all the in-scope data is used for, why and by whom
  • Why: so you understand how you’re aligning to the principles
  • Is all of the captured data really necessary?: limit the amount of data collected to reduce the potential for a breach and for non-compliance with GDPR. DO NOT ask for unnecessary data
  • Conduct a personal data audit: delete inaccurate and out-of-date records and ask questions about the data collected
  • Disclose all usage of the data: create an in-house data policy and adhere to it to demonstrate to authorities when required.

What counts as personal data?

Practically any kind of data you collect from your users. This can include things like email addresses collected from newsletter sign-up forms, a name from a contact form, or even the identifiers gathered by using Google Analytics, and more.


“Personal Data” is defined by the GDPR as “any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.


It also applies to site owners outside the EU that provide their content to EU residents.


Ask for consent to meet GDPR standards

  • Contain a clear statement of consent - use plain language that’s easy to understand (no legalese)
  • Require a positive opt-in - (i.e., no pre-ticked boxes, silence, or inaction)
  • Self Contained - be separate from any other terms and conditions
  • Reasons for Data Capture - explain why the entity wants the data and what it will do with the data
  • Disclose the Consumers of Data - name any third-party controllers that will rely on the consent
  • Clarity in consent options - explain how the data subject may withdraw consent
  • Provide alternative if no consent is given - avoid making consent a precondition of service
  • Update the Privacy Statement – revise the statement to cover GDPR & also revise Cookie Consent
  • Right to be Forgotten – provide a way to withdraw consent & purge the collected personal data



Where to Start?

Where? Determine what data you hold, where it came from
What? Determine what information you have pertaining to customers
Who? Review which third-party service providers you use

Who would be involved in the process

Data Controller – How personal data is collected, for what purpose & how it is used
Data Processor - Maintains & processes the data on behalf of the Data Controller
Data Protection Officer - Oversees the data security strategy and GDPR compliance

A DPO is required if you process sensitive data or data relating to criminal convictions (i.e. religious/political views, sexual orientation, health data, etc.), if you are a public authority, or if your solution regularly monitors/processes data from EU citizens on a large scale.


Transparency

People anywhere, and now by law in the EU, have the right to know what kind of information is being collected from them, how it is being stored and what it will be used for.




Web Site or Application Manager To-Do List (if not done yet)

Unless you are a sizable organization with all the resources and funding available to comply with GDPR in one go, you might want to do the work in 2 to 3 phases and demonstrate that it is work in progress.




What about Emails and Newsletters?

GDPR will require provable consent for someone being on a mailing list. For new subscribers to your list, gaining consent will be easier, but what about existing email marketing clients? The original consent might not have been kept.
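The consent checklist above and the mailing-list question here both come down to keeping evidence. As an added example (not code from the original post), the Python below models a subscriber list where each address carries the evidence needed to prove an affirmative opt-in, flags legacy subscribers whose consent was never retained so they are not mailed until they re-consent, and purges a subscriber on withdrawal. All field names and sample data are constructed for this example.

```python
# Added example, not the post's own code; field names and sample data are constructed.
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

@dataclass
class ConsentRecord:
    given_at: datetime      # when the subscriber actively opted in
    statement: str          # exact consent wording they were shown
    statement_version: str  # which revision of the wording/privacy statement
    source: str             # form or page where consent was captured

@dataclass
class Subscriber:
    email: str
    name: str
    consent: Optional[ConsentRecord] = None  # None = no retained evidence

def record_consent(sub: Subscriber, ticked_by_user: bool, statement: str,
                   version: str, source: str) -> ConsentRecord:
    """Store consent only for an affirmative act; a pre-ticked box is not consent."""
    if not ticked_by_user:
        raise ValueError("consent requires a positive opt-in by the subscriber")
    sub.consent = ConsentRecord(datetime.now(timezone.utc), statement, version, source)
    return sub.consent

def has_provable_consent(sub: Subscriber) -> bool:
    """True only when every piece of evidence needed to prove consent is present."""
    c = sub.consent
    return c is not None and all((c.statement.strip(), c.statement_version, c.source))

def needs_reconsent(subs: Dict[str, Subscriber]) -> List[str]:
    """Legacy addresses that must not be mailed until they opt in again."""
    return sorted(e for e, s in subs.items() if not has_provable_consent(s))

def withdraw_and_purge(subs: Dict[str, Subscriber], email: str) -> bool:
    """Right to be forgotten: drop the subscriber and every stored personal field."""
    return subs.pop(email, None) is not None

def sample_list() -> Dict[str, Subscriber]:
    """Constructed data: one new sign-up with evidence, one legacy import without."""
    subs = {
        "new@example.org": Subscriber("new@example.org", "New Subscriber"),
        "old@example.org": Subscriber("old@example.org", "Legacy Import"),
    }
    record_consent(subs["new@example.org"], True,
                   "Email me the monthly newsletter. I can unsubscribe at any time.",
                   "privacy-v2", "newsletter-signup-form")
    return subs
```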




Areas of the site or application that require a review

You are likely to require consent from your users in many areas of the site. The sections below cover a few examples, which include but are not limited to forms, newsletters and cookies.




Add Explanations to Forms

Tell your visitors why you need to ask the questions on the form and detail how they will be used and shared. Don’t collect more data than is absolutely necessary, and make sure to link to your Privacy Policy for more information. You also need to provide a checkbox for them to give explicit consent.




The GDPR Cookie Consent

To stay compliant with any new modification of regulations related to data protection, such as the GDPR, the existing cookie module will need to be enhanced. For each cookie you set, you need to explain what it captures, why it is set, and whether the user can make it inactive.




Continuous Risk Assessment




If in doubt then please do contact a Professional for Advice

GDPR is a drastic overhaul of current EU privacy and data regulation, so naturally the entire process can appear a little daunting. Speak to a professional to see what steps need to be taken to make your site GDPR-ready; simply get in touch today.




Please do contact me if you have a requirement for GDPR consultation or require more hands-on fixing of the elements within your organizational website or web application, as well as advice on how to deal with existing user data. Naturally, bulk marketing emails or newsletters to a user base that includes EU citizens are of utmost importance. Advice on how you send them and how you capture data from EU citizens is relevant in the new GDPR era.

Posted in: Salaro

Comments

Gabrielle Greaves
# Gabrielle Greaves
Thursday, June 28, 2018 10:41 AM
An identification of the project is done for the flow of the incentives for the humans the challenges he been done with http://www.essay-one-time.com/ for all possible items for the candidates. The sorting is done for the ascertainment of the projects for the persons.
Mercilla
# Mercilla
Thursday, November 8, 2018 1:22 PM
You guys can search for the best pdf to png and you will see that alto always wins. It's because it has something great that we are not aware of and we need to know about it in more depth for sure. It will be great.
Robinjack
# Robinjack
Wednesday, February 13, 2019 1:45 PM
Eminently composed article, if just all bloggers offered the same substance as you, the web would be an obviously better place.. Trust Flow blog comments
Robinjack
# Robinjack
Thursday, February 14, 2019 11:47 AM
Possessing read this I thought it had been quite beneficial. I value you taking time and work to put this article together. I when once again locate myself paying method to significantly time both reading and commenting. But so what, it was nonetheless worth it! 오션 파라다이스
Robinjack
# Robinjack
Sunday, February 24, 2019 9:54 AM
i would always be a fan of Nip/Tuck, i was saddened about the episode when one of the doctors got breast cancer` 베트맨 토토
Robinjack
# Robinjack
Monday, February 25, 2019 8:34 AM
Hi there, I simply hopped over in your website by way of StumbleUpon. Now not one thing I’d typically learn, but I favored your emotions none the less. Thank you for making something worth reading. 먹튀검증
AsharSeo
# AsharSeo
Monday, March 4, 2019 7:36 AM
I have seen wonderful websites and I have caught not so great websites. This site is very informative in many ways and certainly ranks in the former category. Really appreciate the information you're providing us avid readers! techniques of seo
Robinjack
# Robinjack
Thursday, March 7, 2019 2:48 PM
I always insisting my dad that not all headlines posted online are original but this post can be an exceptional to my rule. Costa del Sol
Robinjack
# Robinjack
Saturday, March 9, 2019 1:03 PM
Trusting to make the right decisions can be tough. Many of us develop this ability over the course of our life. It doesn’t really just happen if you know what I mean. Womax Preço
Robinjack
# Robinjack
Tuesday, March 12, 2019 8:35 AM
Hi there, just became alert to your blog through Google, and found that it’s truly informative. I am going to watch out for brussels. I will be grateful if you continue this in future. Many people will be benefited from your writing. Cheers! 사설토토
AsharSeo
# AsharSeo
Wednesday, March 13, 2019 6:34 AM
aluminum curtains rods are much lighter than those steel rods that we previously used,. Happy Easter Messages
AsharSeo
# AsharSeo
Wednesday, March 13, 2019 6:36 AM
much appreciated this is great web journal. good friday 2019
Robinjack
# Robinjack
Saturday, March 16, 2019 3:52 PM
Saved! Found your self on google and I am glad I was able to. Great site you ought to get plenty of traffic here’ like to own a blog along these lines. Official iPhone Unlock
david
# david
Sunday, March 17, 2019 4:04 PM
That's what makes you the best. You should keep publishing more articles and you will Such Become One of the best writers ever download burna boy gbona mp3

Robinjack
# Robinjack
Monday, March 18, 2019 4:31 PM
I image this could be various upon the written content material? however I nonetheless believe that it usually is suitable for nearly any type of matter material, because it will frequently be enjoyable to resolve a heat and delightful face or perhaps listen a voice while preliminary landing. Buy Web Traffic
