In 2021, European Union regulators hit Amazon with a record $844 million fine for beaches to GDPR. They are disputing the court order, but it shows that there are consequences for companies ignoring GDPR requirements.
GDPR stands for General Data Protection Regulation. It is a legal guideline for the collection and processing of personal data from people who live in the EU.
It doesn’t matter where you or your company operate. If you have customers or website visitors from the EU, GDPR applies to you.
It’s a tough, lengthy, and often complicated guideline but this guide will help you get your head around it so you can operate a legal, secure business.
The Eight “Data Subject” Rights
GDPR law revolves around eight rights that protect “data subjects.” This term refers to anyone giving personal data to a company/website. These rights are:
- The right to be informed
- The right of access
- The right to erasure
- The right to rectification
- The right to data portability
- The right to restrict processing
- The right to object
- The right to automated decision making
Users must always know what data companies are collecting about them, how they are using it, and how long they are keeping it. It also must be clear if you, as a business owner, are sharing the information with third parties.
Under GDPR requirements, you must also be able to give subjects a copy of all personal data you have on them when requested. They can submit a DSAR (data subject access request) to get this information.
They can also ask you to remove or update any information you have on them in your data storage and you must comply.
You must also have the best cyber security practices to ensure there is never a data breach. Data security is the foundation of GDPR.
What You Can Do to Be GDPR Compliant
That was an overview of GDPR, so what does your company need to do to comply?
First, create a privacy notice or policy that users can access on every page of your website (the footer works well). Include what data your company uses, how, and how long you keep it.
If you share information with third parties (Google Analytics, for example), you need to include that in your privacy policy.
The second most important change you need to make is to ensure users give clear consent every time they give your company information. For every newsletter sign-up, sale, and comment box there needs to be a tickbox.
Create an opt-in “cookies” banner for your website so that users can give consent for you to track their cookies.
And you need to ensure that data lives in the safest data storage possible. Invest in GDPR compliant software like Certus Software, Onspring, or Netwrix.
Follow GDPR Requirements to Protect Your Company and Customers
The GDPR requirements might sound tough and unnecessary, but implementing them is a win-win. You win because your company is legitimate in the eyes of the European Union. And your customers/users win because they know their data is safe and secure.
Make the effort to be GDPR compliant and you will reap the rewards.
Want to make sure other parts of your business are 100% above board? Our law, finance, and tech articles have tons of useful information and advice for you!
-
-
-
-
-
-
