The GDPR (General Data Protection Regulation) of the European Union took effect on 25 May. It requires companies and website owners to be transparent about how they collect, use and share their visitors' personal data. The regulation also gives people greater access and choice when it comes to how their personal data are collected, used and shared.
It is important to understand that while GDPR is a European regulation, its requirements apply to all sites and companies that collect, store and process personal data of residents of the European Union, regardless of where the company is located.
In 2003, a specific code for the protection of personal data was legislated. The GDPR proposal came in early 2012 and was officially approved in 2016, replacing the 2003 code. The text was approved by the Council and the European Parliament and is published in the Official Journal of the European Union.
Every company and public administration body involved in the handling and processing of data of European citizens shall comply with the requirements of GDPR. By the end of May 2018, companies dealing with personal data of European citizens should be aligned with the regulation. This compliance deadline is based on a period of two years from the date of approval of GDPR.
The General Regulation on Data Protection aims to strengthen the rights of citizens to their data. Among the main requirements and changes brought by GDPR, the following can be mentioned:
- Local supervisory bodies: each member country of the European Union will have a body responsible for investigating and processing complaints.
- Deadline for communication to local supervisory bodies: violations regarding personal data must be reported within a maximum of 72 hours. The holder should also be advised in case of risks to his data.
In addition to these changes, European citizens gain GDPR-guaranteed rights such as:
- Right to be deleted: the European user can ask the company to delete all their data.
- Right to object: the European user may choose not to offer his personal data for certain uses, such as marketing and promotional actions.
- Right of rectification of the data: the European user can request the correction and the filling of incomplete data.
- Right to portability: the European user can request the transfer of his data without bureaucracy or obstacles.
- Right to transparency: Information on processing and storing user data should be made available. This includes contact details of those responsible and reasons for keeping certain data.
- Right to privacy of children's data: Users under the age of 13 may only have data stored with the consent of parents or guardians.
The definitions and requirements of the GDPR are not limited to websites of European organizations. Any company dealing with European user data must comply with GDPR.
Facebook, for example, has already announced adaptations for its platform. Features such as downloading offline data and forms to facilitate data control by the user are being implemented.
You can learn more about GDPR from the European Commission data protection page.
- What information we collect about you;
- How we use your information;
- Who we share your information with;
- Collection and use of Non-Personal Data;
- Your rights regarding our use of your information;
- How long we keep your information; and
- How to contact us.