GDPR stands for "General Data Protection Regulation" and designates the latest European directive concerning personal data, published in 2016 and in application since May 2018. It provides for: strengthened obligations to protect data held by companies, mechanisms for expressing consent to collection, and the development of the concept of portability.
Some concrete examples are:
- Pre-checked boxes will no longer be accepted to validate consent
- The consent of children under 16 years old will no longer be accepted
- No consent can be of indefinite duration; it is always possible to go back on your decision
- The possibility of asking a supplier, as well as all its affiliated partners, to erase your data (don't worry, you just have to ask the supplier, who will validate the deletion of your information with its partners)
Here are some new features for your data:
- Transparency: you will now have to be clear about all the data collected
- Data portability: you could recover your data from Facebook and transfer it to LinkedIn, for example
- The right of opposition: the possibility to object to profiling or to direct marketing purposes
- It would be important to always keep a register of data and especially of what we do with it (yes, more work for the agencies)
- Increased responsibilities for subcontractors, because new security standards must be put in place
In addition, in case of hacking, you must inform all stakeholders of the data collection, in the following order: first the supervisory authority, then the data controller, and finally the final consumer.
All this will give rise to a role that some people describe as a job of the future, the "Data Privacy Officer", who must be recruited for a minimum of 2 years for any processing of a multitude of data.
New certifications are now possible with the release of this new law, including ISO 27001. Be careful, because the fine can go up to 10 million euros, or 4% of your annual global revenue.
This also applies to non-European companies that collect user data in Europe.
Any security breach must be reported within 72 hours. This applies not only to companies but also to bloggers, small businesses, and entrepreneurs.
You should not be afraid of all this, but simply be ethical with your lists. I personally recommend following these few rules every time:
- Highlight the "I agree to receive emails from ...."
- List all the details of the tools used for your analytics data, including external providers
- Document all data deletions in your database
- Don't think that a checkbox will decrease your subscription rate; again, stay ethical and your lists will keep growing
- And last but not least, don't do it just for European users but, like us, be GDPR-compliant all over the world
Your subscribers or users around the world want to be treated well
Of course, check all this with your lawyer
More information on the CNIL website here
In case of hacking, you must inform within 72 hours all parties involved in the data capture, in the following order:
1- The supervisory authority
2- The data controller
3- The final consumer
- Transparency
- Data portability
- The right to object
- Keeping a record of data and sharing
- Increasing the responsibility of subcontractors
GDPR (RGPD in French) stands for "General Data Protection Regulation" and refers to the latest European directive regarding personal data, published in 2016 and in force since May 2018. It provides for, among other things: strengthened obligations to protect data held by companies, mechanisms for expressing consent to collection, and the development of the concept of portability.
- Pre-checked boxes will no longer be accepted to validate consent
- The consent of children under 16 years old will no longer be accepted
- No consent can be for an indefinite period, so it is always possible to go back on your decision
- The possibility to ask for the deletion of your data from a supplier as well as all its affiliated partners