The GDPR (General Data Protection Regulation) is an EU regulation that protects the personal data of people in the European Union. It applies to any organisation that processes that data, wherever the organisation is based: if your website offers goods or services to people in the EU, or monitors their behaviour, and collects any personal data, your company is within its scope and at risk of violating it.
With less than a year before the regulation comes into full effect (25 May 2018), and fines of up to 20 million euros or 4% of worldwide annual turnover for violations, knowing the rights EU citizens are about to gain is in your best interest.
Personal data means any information relating to an identified or identifiable person. That includes names, email addresses, location data, demographic and economic data, and online identifiers such as IP addresses and cookie IDs, among much more.
Below are four of the most important user-facing provisions of the GDPR, as a high-level overview of the regulation.
Condition for Consent
Where you rely on consent as the legal basis for processing, it must be obtained before the data is collected, and it must be unambiguous: the user has to take a clear affirmative action, such as ticking a box that was not already ticked. Silence, inactivity or a pre-ticked checkbox do not count as consent, and for sensitive categories such as health data the consent must be explicit. Consent is given per purpose and must be as easy to withdraw as it was to give. The burden of demonstrating that you have consent falls on you, so keep an audit trail of what each user agreed to, when they did it, and which version of the policy they saw.
Right to access data
A user can ask you to confirm whether you are processing their data and, if so, to provide a copy of it together with the purposes of the processing, the categories of data involved, who it has been or will be shared with, how long it will be kept and where it came from. You must respond without undue delay and at the latest within one month (extendable by two further months for complex or numerous requests); failing to respond in time is a violation.
Right to erasure
Similar to the right of access, a user can request deletion of their data. Where one of the grounds for erasure applies, for example the data is no longer needed for the purpose it was collected for, or they withdraw consent and you have no other legal basis for keeping it, you must delete it without undue delay. If the data has been passed on to other parties, you must notify every recipient of the erasure so they can delete their copies, and if you made it public you must take reasonable steps to inform other controllers that are processing it.
Right to rectification and objection to profiling
The user can also ask you to correct inaccurate data about them, to have incomplete data completed (including by providing a supplementary statement), and to object to processing based on profiling. Where a decision with legal or similarly significant effects on them is based solely on automated processing, including profiling, they have the right not to be subject to it unless an exception applies.
If your business reaches a certain threshold, a Data Protection Officer (DPO) can assist in this process, and appointing one is mandatory in some cases, for example where your core activities involve large-scale, regular and systematic monitoring of individuals or large-scale processing of sensitive data. Even if you do not need a DPO, a thorough evaluation of what data you hold, the user experience of collecting it and your back-end process for storing, sharing and deleting it is recommended.
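As an added illustration, not part of the original article, the following Python sketch shows how the consent, access and erasure provisions above translate into code: an append-only, hash-chained consent ledger that refuses to record consent inferred from passive actions such as a pre-ticked default, a per-purpose check against the policy version the user actually saw, an access report listing categories and recipients, and an erasure routine that withdraws consent, deletes the data and returns the recipients you still have to notify. The class and function names, the action labels, the in-memory store, the sample user and the recipient name are all assumptions made for this example, and the deadline helper assumes a plain calendar month with no extension.

```python
from __future__ import annotations
import calendar
import hashlib
import json
from dataclasses import dataclass, asdict
from datetime import datetime, timezone

# Assumed labels for UI events that are NOT consent: silence, inactivity,
# pre-ticked boxes. Only an affirmative act by the user may set granted=True.
PASSIVE_ACTIONS = {"page_load", "preticked_default", "timeout", "scroll"}
GENESIS = "0" * 64  # prev_hash of the first ledger entry


class ConsentError(ValueError):
    """Raised when consent is missing or would be recorded without an affirmative act."""


@dataclass(frozen=True)
class ConsentEvent:
    subject_id: str
    purpose: str         # consent is per purpose, e.g. "marketing_email"
    granted: bool        # False records a withdrawal
    policy_version: str  # the policy text the user actually saw
    ui_action: str       # what the user did, e.g. "ticked_checkbox"
    ts: str              # ISO-8601 UTC timestamp
    prev_hash: str       # digest of the previous event: tamper-evident chain

    def digest(self) -> str:
        return hashlib.sha256(json.dumps(asdict(self), sort_keys=True).encode()).hexdigest()


class ConsentLedger:
    """Append-only, hash-chained audit trail so the controller can demonstrate consent."""

    def __init__(self) -> None:
        self.events: list[ConsentEvent] = []

    def record(self, subject_id, purpose, granted, policy_version, ui_action, ts=None):
        if granted and ui_action in PASSIVE_ACTIONS:
            raise ConsentError(f"{ui_action!r} is not an affirmative act; consent not recorded")
        ts = ts or datetime.now(timezone.utc).isoformat()
        prev = self.events[-1].digest() if self.events else GENESIS
        ev = ConsentEvent(subject_id, purpose, granted, policy_version, ui_action, ts, prev)
        self.events.append(ev)
        return ev

    def has_consent(self, subject_id, purpose, current_policy) -> bool:
        """Latest event for subject+purpose must be a grant against the current policy text."""
        for ev in reversed(self.events):
            if ev.subject_id == subject_id and ev.purpose == purpose:
                return ev.granted and ev.policy_version == current_policy
        return False  # no record at all: silence is not consent

    def verify_chain(self) -> bool:
        prev = GENESIS
        for ev in self.events:
            if ev.prev_hash != prev:
                return False
            prev = ev.digest()
        return True


class SubjectDataStore:
    """Personal data keyed by subject, plus who it was disclosed to (needed for access and erasure)."""

    def __init__(self, ledger: ConsentLedger) -> None:
        self.ledger = ledger
        self.data: dict[str, dict[str, dict]] = {}  # subject -> category -> fields
        self.recipients: dict[str, set[str]] = {}   # subject -> parties the data was shared with

    def store(self, subject_id, category, fields, purpose, policy_version) -> None:
        if not self.ledger.has_consent(subject_id, purpose, policy_version):
            raise ConsentError(f"no valid consent from {subject_id!r} for {purpose!r}")
        self.data.setdefault(subject_id, {})[category] = dict(fields)

    def share(self, subject_id, recipient) -> None:
        self.recipients.setdefault(subject_id, set()).add(recipient)

    def access_report(self, subject_id) -> dict:
        """Right of access: copy of the data, its categories, recipients and consent history."""
        return {
            "subject_id": subject_id,
            "categories": sorted(self.data.get(subject_id, {})),
            "data": self.data.get(subject_id, {}),
            "recipients": sorted(self.recipients.get(subject_id, set())),
            "consent_history": [asdict(e) for e in self.ledger.events if e.subject_id == subject_id],
        }

    def erase(self, subject_id, policy_version) -> list[str]:
        """Right to erasure: withdraw every consent, delete locally, return recipients to notify."""
        purposes = {e.purpose for e in self.ledger.events if e.subject_id == subject_id}
        for purpose in sorted(purposes):  # the withdrawal stays on the ledger as evidence
            self.ledger.record(subject_id, purpose, False, policy_version, "erasure_request")
        self.data.pop(subject_id, None)
        return sorted(self.recipients.pop(subject_id, set()))


def response_deadline(received: datetime) -> datetime:
    """One calendar month after receipt, clamped to month end (31 Jan -> 28 Feb)."""
    year, month = received.year + received.month // 12, received.month % 12 + 1
    day = min(received.day, calendar.monthrange(year, month)[1])
    return received.replace(year=year, month=month, day=day)


if __name__ == "__main__":
    ledger, store = ConsentLedger(), SubjectDataStore(ConsentLedger())
    store = SubjectDataStore(ledger)
    ledger.record("user-42", "marketing_email", True, "v1", "ticked_checkbox")  # constructed sample
    store.store("user-42", "contact", {"email": "user42@example.com"}, "marketing_email", "v1")
    store.share("user-42", "mail-provider")
    print(json.dumps(store.access_report("user-42"), indent=2))
    print("notify on erasure:", store.erase("user-42", "v1"), "chain ok:", ledger.verify_chain())
```

The two design points worth copying are that consent is keyed to the policy version, so a changed policy silently invalidates old grants and forces re-consent, and that erasure does not wipe the ledger: the withdrawal event is what lets you later prove you honoured the request.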