The GDPR policy – yet another abbreviation to keep in mind. Please do. The General Data Protection Regulation is super important, since it governs the way in which personal data (yes, also yours) is gathered and handled in the European Union. Long story short: it tells you about your rights. Quite an important right, right?
Society is now more data-driven than ever before. As a result, there is a rise in cyber-attacks due to the vast amount of stored sensitive data, as well as in breaches and other things we would rather avoid. The GDPR, the toughest privacy and security law in the world, is a response to these problems.
The General Data Protection Regulation gives businesses a level playing field. It also makes the transfer of data between EU countries quicker and more transparent.
It also gives EU citizens more control over the ways in which their personal data is used. As long as you’re an identifiable, living person, you have some main rights that you can enforce at any point in time. Eight different rights, to be precise, according to the GDPR. Check them out:
- The right to be informed;
- The right of access;
- The right to rectification;
- The right to erasure;
- The right to restrict processing;
- The right to data portability;
- The right to object;
- Rights around automated decision making and profiling.
So, as a consumer or website visitor who has these rights, you can, for example, demand that an organisation tell you how it uses your data. That means that if you have a business, you should always know how you use the data of your customers. That way, you are legally safe and you don’t fall into tricks and traps that end in hefty fines.
It’s important to think about the information that you want to address in the GDPR policy.
So, which things do you need to address specifically? We will give you some examples. Who is the collector and who is the processor? Are you collecting and processing my data, or is someone else doing it for you? What kind of data do you collect? Is it just my e-mail address, or also my phone number, ID, bank account details etc.? And if you collect my personal data, where do you store it? And for how long? For what purpose?
Don’t forget to make the policy available at any time.
Users of your website or platform should be able to look into it whenever they want. They might file a complaint if they’re not able to. For example, when a website publishes your data without asking for your consent, you can always rely on the GDPR policy.
Cookies – no, not the delicious and freshly baked variant – are private data as well, because they give information about where to locate you. Sometimes they are mentioned in the GDPR and sometimes they are mentioned separately. Just don’t forget to review the official information about the cookies that you collect as well.