Instagram

WTF is GDPR.

Start a project with us >

What the flip is GDPR

A question that a lot of companies have been asking over the past few months, so before we delve into the dark corners of GDPR, let’s just get our heads around it a little.

GDPR stands for General Data Protection Regulation and will replace a major EU privacy law. The last piece of EU privacy law dates from 1995, and was intended to protect individual’s personal data during processing and movement. Slightly later, The Data Protection Act 1988 was designed to protect personal data that is stored on computers or in paper filing systems, which will also be superseded. Let’s bear in mind though; this was before the days of MySpace, Facebook, or even Google!

The purpose of GDPR is to provide a set of standardized data protection laws, that include more recent technical developments, ideally making it easier for EU citizens to understand what is happening to their data, and making it easier for them to raise any complaints if necessary even if they are not in the country where their data is located.

The six principles of GDPR

There are six main principles of GDPR that state that personal data must be:

  1. it is processed lawfully, fairly and transparently
  2. it is collected and processed for specified, explicit and legitimate purposes and will not be used for any reasons beyond its original purpose
  3. only the data necessary for the purpose required is to be collected, and no more.
  4. it needs to be up to date and accurate.
  5. it is only kept for the necessary amount of time that was required when collected.
  6. it is kept secure, and protected from any unlawful access, loss or damage.

What do the principles mean?

You need to be transparent with your subjects data; what data you are collecting, and why you are collecting it. This needs to be stated clearly in your privacy policy. Think it through, make a mind map. What are the different points where subjects are giving their data, and what happens to it then? It all needs to be stated clearly. Gone are the days when you could send a marketing communications email to someone who provided their email address to use your WIFI connection 6 years ago! Data can only be used for the sole purpose it was collected. Subjects need to opt-in to receive updates from you moving forward, and this cannot be a pre-ticked box. Keep the collected data to a minimum. This has two major benefits, in the event of a data breach, there is limited data to access, and limited data also makes it easier to keep accurate and up to date.  Subjects need to be able to erase or rectify their data as they wish, and if it is incorrect, they have the right to erasure or rectification within 30 days. The GDPR is deliberately vague about the measures organisations should take to ensure their data is secure as best practices are constantly changing , so it is up to the organization to ensure this. 

The individual’s rights

GDPR also states the rights for individuals in regards to their data, these are;

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling.

So.. to sum it up

It’s a good thing!

Website user’s data will have better protection and rights!

Data for purpose

Data will only be used for the intended purpose, so no more signing up for news on your favourite sports club and receiving emails about sports bras!

Make sure you’re compliant!

As of May 25th 2018, GDPR will be in place and you could be at risk of being fined if you site isn’t compliant.

Hopefully this has helped you get your head around the whole GDPR topic, but if you’d like to see how we can help, get in touch!

Previous Post Updating Football Crests.
Menu