If your business collects any sort of online personal data (and whose doesn’t?), then you’re probably counting the days until May 25, 2018, when the GDPR (General Data Protection Regulation) takes effect.
Although GDPR is an EU regulation which emphasizes that users must give “active consent” to any platform collecting their personal data. Here are a few things to consider when evaluating your business’ collection and use of personal data:
If you plan to store data, use it to target ads, share it with other entities, or just to add a personal touch to the user’s interface, explain so clearly and prominently. The GDPR only considers the collection of necessary information to be lawful, so if you ask for a user’s demographics when all you do is sell shoes, explain why you absolutely need that information or expect legally-backed resistance from informed users.
It is not the responsibility of the individual user to opt-out of data collection. There must be a clear opt-in option in order for you to obtain data–no pre-ticked boxes and no lumping in special conditions with typical terms and conditions. If you intend to use sensitive data like their genetic information, be crystal clear that they are opting-in for that usage.
Specify that users can to opt-out in the future or ask that their data be erased.
Don’t forget that all personal data your business stores is covered by GDPR. Your employees must provide active consent just like any online user. If a data breach compromises their information and you did not obtain their active consent, you will be fined.
If you were compliant under the Data Protection Act you may be able to roll into the GDPR without an overhaul. The GDPR standard for data collection is that it be “specific, granular, clear, prominent, opt-in, properly documented and easily withdrawn.” For a detailed explanation of these qualifications or to ensure your system already complies, visit IP Draught.
If you aren’t GDPR savvy or haven’t fully read the Guide to the GDPR, sending an email to those whose data you already have and adding a website pop-up explanation of your data use policies is a good idea.
Here is an example of a pop-up from Podio.com:
With fines reaching as high as 4% annual revenue or €10-20 million, the GDPR is clearly not messing around. Double-check your permissions with your users to be safe or accept the risk of not doing so.
Asking users for active consent and being transparent in your use of their data builds trust and enhances your reputation. If users feel educated and in control they will want to continue their relationship with you.
Active consent is a positive step for the protection of us all in this digital economy. Show your users you care by obtaining it.
AI chatbots are transforming communication, but recent headlines reveal their darker side: lawsuits over harmful content and reports…
DPI systems can just as easily exclude people from participating in some aspects of society…
HR has always had far-reaching responsibilities, however its focus has long been on employee retention…
Longview Fusion Energy Systems has announced its role as a key contributor to two of the…
As CFOs battle tough odds, accounting solutions help to drive new efficiencies More than anything,…
Could 'Kallisti' be the beginning of another Trojan Horse scenario? perspective The US Defense Advanced…