The GDPR – yet another abbreviation to keep in mind. Please do. The General Data Protection Regulation is super important, since it governs the way in which personal data (yes, also yours) is gathered and handled in the European Union. Long story short: it tells you about your rights. Quite an important right, right?
Society is now more data-driven than ever before, and the vast amount of stored sensitive data has resulted in a rise in cyber-attacks, data breaches and other things we would rather avoid. The GDPR, also known as the toughest privacy and security law in the world, is the response to these problems.
The General Data Protection Regulation gives businesses a playing field and it makes the transfer of data between EU countries quicker and more transparent.
It also empowers EU citizens, by giving them more control over the ways in which their personal data is used. As long as you’re an identifiable, living person, you have some main rights that you can enforce at any point in time. 8 different rights, to be precise, according to the GDPR. Check them out:
- The right to be informed;
- The right of access;
- The right to rectification;
- The right to erasure;
- The right to restrict processing;
- The right to data portability;
- The right to object;
- Rights around automated decision making and profiling.
Because of these rights, as a consumer or website visitor, you can, for example, demand that an organisation tells you how they use your data. So if you have a business, you should always know how to use the data of your customers. This way, you are legally safe and you don’t fall into tricks and traps whose fines are no laughing matter.
It’s important to think about the information that you want to address in the GDPR policy.
So, which things do you need to address specifically? We will give you some examples. Who is the collector and who is the processor? Are you collecting and processing my data, or is someone else doing it for you? What kind of data do you collect? Is it just my e-mail address, or also my phone number, ID, bank account details etc.? And if you collect my personal data, where do you store it? And for how long? And for what purpose?
Don’t forget to make the policy available at any time.
This means that users of your website or platform should be able to look into it whenever they want. If you don’t, they might go and file a complaint. For example, when a website is publishing your data without asking for your consent, you can always rely on the GDPR policy.
Cookies – no, not the delicious and freshly baked variant – are private data as well, because they give information about where to locate you. Sometimes they are mentioned in the GDPR and sometimes they are mentioned separately. Just don’t forget to oversee the official information about the cookies that you collect as well.