What is GDPR?
GDPR stands for the General Data Protection Regulation. It was approved by the European Commission in 2016 and took effect in May 2018. Its aim is to keep citizens' personal data safe and to protect their privacy, and it is stronger than the laws that came before it. In practice, whenever a website wants to store personal data, it has to:
- Inform the user that it is doing so.
- Identify itself to the user.
- State specifically why the data is being collected.
- Obtain the user's consent before collecting the data.
- Allow users to access their data.
- Allow users to delete their data if they wish to.
GDPR brings many requirements for websites. It makes them protect individuals' data properly, and it raises the stakes for failing to do so.
Personal data:
Personal data is any information that relates to an "identifiable person". A user's information includes:
- The user's name and email address.
- Google Analytics data
- Contact details
- Location of the web host.
What kind of data is considered?
GDPR guarantees two rights:
- The right of erasure.
- The right of portability.
Every business has to obtain consent as GDPR requires. The following types of data fall under GDPR:
(1) Personal information of users: their names, residential addresses, contact details, etc.
(2) Digital data of users, such as the IP address and other related details.
(3) Health-related details of users.
(4) Their political views.
What requirements have to be fulfilled?
GDPR has 99 articles. Every company that wants to store personal information must obey its rules. The following conditions apply:
- The business is established in an EU country.
- Even if it is not, it can take data after obtaining approval.
- The company has at least 250 employees.
- Even with fewer than 250 employees, the company can still take data.
Principles of GDPR:
- People's personal data must be processed lawfully and transparently; misusing it is unfair.
- Personal data should be collected only for a clearly stated purpose, and it should be used for that purpose only.
- Data should not be collected unless it is genuinely required, and what is collected should be accurate, genuine and sufficient.
- The security of personal data must be ensured; every required step should be taken to keep it safe.
- The company should delete the data once its purpose has been fulfilled; there is no reason to keep storing it.
- The company must uphold these principles; failing to do so will land it in trouble.
How To Make a Blog GDPR Compliant?
WordPress is expected to make an announcement on this soon, and Google is working along the same lines. Until then, one can consider the features below:
- Have a strong Privacy Policy and link it from the main menu. Do not copy and paste someone else's Privacy Policy; that will do harm.
- Check your third-party services to find out what information they collect. Every third-party service needs to be listed in the Privacy Policy.
- Many websites collect users' email addresses by asking them to subscribe to a newsletter. They must also offer an option to unsubscribe.
- Signup forms should tell users what kind of data will be stored.
- The website should be served over HTTPS instead of HTTP.
- Make sure WordPress is fully up to date; the site owner should run its latest version.
- Make sure all themes are properly updated, with automatic updates enabled.
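The consent and third-party checklist above can be put into working code. The following is an added example, not code from the original post or from WordPress: it records the visitor's choice in a cookie, refuses to run analytics or marketing services until the visitor has opted in, and re-asks when the privacy policy version changes. The service names, the cookie name `blog_consent`, the `CONSENT_VERSION` constant and the `loader` callback are all assumptions made for the example; on a real site `loader` would inject the service's script tag.

```javascript
// Consent-gated loading of third-party services (added example, not from the
// original post). Service names, cookie name and the `loader` callback are
// assumptions; a real site would pass a function that injects a <script> tag.

const CONSENT_COOKIE = "blog_consent";   // assumed cookie name
const CONSENT_VERSION = 2;               // bump whenever the Privacy Policy changes

// Services the site uses, each tied to the purpose stated in the Privacy Policy.
// "essential" services never need consent; the others wait for an explicit opt-in.
const SERVICES = [
  { name: "session",          purpose: "essential" },
  { name: "analytics",        purpose: "analytics" },
  { name: "newsletter-popup", purpose: "marketing" },
];

// Parse the consent cookie out of a raw Cookie header. Returns null when the
// visitor has not decided yet, when the cookie is malformed, or when the stored
// version is older than the current policy (a changed policy means consent
// has to be asked for again).
function parseConsent(cookieHeader) {
  const pairs = (cookieHeader || "").split(";").map((p) => p.trim());
  const pair = pairs.find((p) => p.startsWith(CONSENT_COOKIE + "="));
  if (!pair) return null;
  try {
    const state = JSON.parse(decodeURIComponent(pair.slice(CONSENT_COOKIE.length + 1)));
    if (state.version !== CONSENT_VERSION) return null;
    return { analytics: !!state.analytics, marketing: !!state.marketing };
  } catch (e) {
    return null; // malformed cookie: treat as "no consent given"
  }
}

// Build a Set-Cookie value recording the visitor's choice. The cookie is itself
// "essential" (it only records the decision) and is marked Secure + SameSite so
// it is sent over HTTPS only and not attached to cross-site requests.
function buildConsentCookie(choices, maxAgeDays = 180) {
  const state = {
    version: CONSENT_VERSION,
    analytics: !!choices.analytics,
    marketing: !!choices.marketing,
  };
  const value = encodeURIComponent(JSON.stringify(state));
  return `${CONSENT_COOKIE}=${value}; Max-Age=${maxAgeDays * 86400}; Path=/; Secure; SameSite=Lax`;
}

// Names of the services that may run given the parsed consent state.
function allowedServices(consent) {
  return SERVICES.filter((s) => {
    if (s.purpose === "essential") return true;
    return consent !== null && consent[s.purpose] === true;
  }).map((s) => s.name);
}

// Load services in order, calling loader(name) only for the allowed ones.
// Returns the list of loaded names so the caller can verify what actually ran.
function loadServices(cookieHeader, loader) {
  const loaded = [];
  for (const name of allowedServices(parseConsent(cookieHeader))) {
    loader(name);
    loaded.push(name);
  }
  return loaded;
}
```

With no cookie at all, only the essential session service loads; after the visitor opts in to analytics, `loadServices` also loads analytics but still skips the marketing popup. Bumping `CONSENT_VERSION` invalidates every stored choice, which is how the policy-change case on the list above is handled.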
GDPR for Bloggers – How to Prepare for It:
1. You should have basic knowledge:
GDPR compliance is an organization-wide effort. It can never be done by one person alone; it has to be carried out by the key personnel of the organization, namely the HR, IT, marketing, finance and security teams. All of them deal with customers constantly, so it is fundamental for them to have basic knowledge of the General Data Protection Regulation.
One should know the common GDPR terms:
1. Data subject
A natural person whose data is used by a controller or processor.
2. Data controller
The entity that determines the purposes and conditions of processing.
3. Personal data
Information that relates to a natural person.
4. Data processor
The entity that processes data on behalf of the Data Controller.
One should know about the main GDPR articles:
1. Article 5
It sets out the principles relating to personal data.
2. Article 6
It sets out the lawful bases for processing personal data.
3. Article 12 – Article 22
These cover the rights of data subjects, including the right to access data and the right to be forgotten.
4. Article 25 & Article 32
These apply to every company that must implement GDPR and require them to protect the personal data of any data subject.
- One should know what one can do:
- First, devote some time to reading and understanding the law.
- Ensure the safety of your users' data.
- Treat it with the same care as you treat secrets.
- Constantly check your products and services; keep your tools and other assets up to date.
- Inform your people about the various risks associated with GDPR.
2. Know the present state of GDPR compliance:
There are various situations associated with GDPR; what one can do in each of them is discussed below:
1. Data mapping:
First, understand how data moves and is used within the organization. Document the information properly and take the flow of information into account. This helps the organization identify its core areas, and it is very important for finding the areas that will lead to GDPR compliance problems.
2. Privacy Policy:
Check the company's privacy policy closely; it is the very first thing checked for GDPR compliance.
Educate your employees about the relevant laws. They should be well aware of how data is processed, and they must be told how customers can complain if they are not satisfied. They should also know how data feeds into decision making. The employees must be told about their rights under GDPR.
3. Training:
GDPR holds a very important place in the organization, so employees must understand the importance of data protection. They should be given proper training on the GDPR principles and be well aware of the procedures used for compliance.
3. Check the further steps:
All data controllers are strongly advised to cooperate with the authority. Audits should take place properly, every data processing activity should be under control, and records should be kept properly within the organization.
1. Check the vendors:
The best thing about GDPR is that it does not lay down specific rules. Companies can apply different tactics to protect data, and they are free to improve their user experience however they like. Many companies applied new tactics before the launch of GDPR, doing so to learn about their competitors' websites.
2. Report data breaches:
Ensure that the right procedures take place at the right time. Constantly report and investigate your internal and external data breaches. Each breach must be assessed by its severity, the number of subjects affected, and the kind of personal data involved.
Report data breaches to the Supervisory Authority within 3 days. This applies unless the personal data was encrypted.
3. Continuous operational tasks:
Accept that privacy is an ongoing project; it has to be maintained always. You have to work continuously to ensure the safety of the data you collect and to make sure it is used properly. For this, review your working processes and make sure all individual rights are covered, including the users' right to delete their personal data.
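The rights of erasure and portability named earlier, the storage-limitation principle, and the 3-day breach-reporting window described above can all be exercised against a small record store. The following is an added example, not code from the original post: the record shape (a subject identified by email address, a stated purpose and a retention period per record), the purposes, the retention periods and the sample records are all constructed assumptions for the example. The breach deadline uses the 3 days the post states.

```javascript
// Data-subject rights on a blog's records (added example, not from the original
// post). Record shape, purposes, retention periods and sample data are
// assumptions constructed for this example; subjects are identified by email.

const DAY_MS = 24 * 60 * 60 * 1000;

// Each record states the purpose it was collected for and how long it may be
// kept, mirroring the purpose-limitation and storage-limitation principles.
// These sample records are constructed for the example.
function sampleRecords() {
  return [
    { id: 1, subject: "reader@example.com", purpose: "newsletter",
      collectedAt: Date.UTC(2018, 5, 1), retentionDays: 365,
      data: { name: "A. Reader", optInSource: "footer form" } },
    { id: 2, subject: "reader@example.com", purpose: "comments",
      collectedAt: Date.UTC(2018, 5, 10), retentionDays: 730,
      data: { ip: "203.0.113.7", text: "Nice post" } },
    { id: 3, subject: "other@example.com", purpose: "newsletter",
      collectedAt: Date.UTC(2018, 6, 1), retentionDays: 365,
      data: { name: "B. Other", optInSource: "popup" } },
  ];
}

// Right of portability: everything held about one subject in a structured,
// machine-readable form, with purpose and collection date alongside the data.
function exportSubject(records, subject) {
  return records
    .filter((r) => r.subject === subject)
    .map((r) => ({
      purpose: r.purpose,
      collectedAt: new Date(r.collectedAt).toISOString(),
      data: r.data,
    }));
}

// Right of erasure: remove every record of the subject. Only a minimal audit
// entry remains (a timestamp and a count, no personal data), so the deletion
// can be evidenced later without re-identifying the person.
function eraseSubject(records, subject, auditLog, now = Date.now()) {
  const kept = records.filter((r) => r.subject !== subject);
  const removed = records.length - kept.length;
  auditLog.push({ event: "erasure", at: new Date(now).toISOString(), removedRecords: removed });
  return { records: kept, removed };
}

// Storage limitation: drop records whose retention period has run out.
function purgeExpired(records, now = Date.now()) {
  return records.filter((r) => r.collectedAt + r.retentionDays * DAY_MS > now);
}

// Breach handling: the post says breaches go to the Supervisory Authority
// within 3 days of discovery, so compute the deadline and the hours remaining.
function breachReportDeadline(detectedAt, now = Date.now()) {
  const deadline = detectedAt + 3 * DAY_MS;
  const hoursLeft = Math.max(0, Math.floor((deadline - now) / (60 * 60 * 1000)));
  return { deadline: new Date(deadline).toISOString(), hoursLeft };
}
```

Running `exportSubject` for `reader@example.com` returns both of that reader's records with their purposes; `eraseSubject` for the same address leaves only the other subject's record and a single count-only audit entry; `purgeExpired` on 15 June 2019 drops the newsletter record collected on 1 June 2018 because its 365 days have passed. Keeping the purpose and retention period on every record is what makes the "delete it once the purpose is fulfilled" principle mechanical rather than a matter of memory.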
4. Website tactics:
Everyone should make website adjustments to be on the safe side, although many developers and marketers find this controversial. So this is not legal advice, but if followed it will be of great benefit.
1. Check all forms:
This is the most important step, since forms are the standard way to gather information. Every business owner should check each and every form. There is no single best way to do this; companies can find their own way to check forms.
2. Cookies:
This is the short version: simply inform your visitors about your cookies, in language simple enough for them to understand, and tell them about your tracking. This is done to avoid negative consequences.
Companies are free to implement this in their own way.
5. Other GDPR compliance issues:
There are many other GDPR compliance issues. They generally get little attention, but they are equally important; take them into consideration.
1. Data transfer and disclosure:
Be very careful with personal data transfers. Ensure that no data is transferred without your approval: ask your data processors to obtain your approval first, and only then allow them to disclose personal data.
2. DPIAs:
It stands for Data Protection Impact Assessments. GDPR makes DPIAs compulsory for organizations because of the high risk involved: technologies may be deployed in ways that significantly and adversely affect individuals. Large-scale monitoring therefore matters greatly, and all the more when it concerns a publicly accessible area.
3. LIAs:
It stands for Legitimate Interests Assessments. These are a best practice developed by privacy experts for the situations in which data controllers rely on legitimate interests as their basis. The controller can rely on its interest while ensuring data protection and making sure that other laws are also complied with.
4. DPOs:
It stands for Data Protection Officers. GDPR requires organizations to have a Data Protection Officer (DPO). This includes public authorities, and it is mandatory for organizations where continuous monitoring takes place, as well as those where systematic monitoring takes place on a large scale. The aim is to prevent misuse of data: there should be at least one person who takes responsibility.
5. Protection of children:
GDPR has separate rules, regulations, laws and provisions for children, covering children below 16 years of age.
The bottom line:
GDPR came into force on May 25, 2018. It is very detailed and precise, it addresses the issues raised by the rapidly growing digital world, and it raises the importance of privacy for data subjects.
It is transparent in nature: every company has to document its handling of personal data properly, ensure that everything happens as per the law, follow sufficient procedures and make sure information is provided safely. GDPR is considered very important because it works for data protection.