May 25th saw the arrival of the General Data Protection Regulation. This update to the EU privacy laws is intended to ensure your personal information is protected and remains in your control.
All companies that process any form of customer information, whether it's collecting email addresses, financial information, phone numbers or any data that is relevant to you as an individual, have to comply with the following requirements:
a) Data is processed fairly, lawfully and transparently
b) Data is collected and processed for specific reasons and stored for specific periods of time, and that it is not used for reasons beyond its initial purpose
c) Only the data necessary for the purpose it is intended is collected, and not more
d) Data is accurate and reasonable steps are taken to ensure it remains accurate
e) Data is kept in a form that allows individuals to be identified only as long as is necessary
f) Data is kept securely and protected from unlawful access, accidental loss or damage
For individuals this means you have total control over any data held about you by any company. Whether you wish to see the data held on you, request your right to be forgotten (data erased) or allow or object to how data is used, the company in question is legally obliged to deal with your request.
For company websites you have to have specific elements in place to inform your users of what data you collect, why you collect it and what it may be used for. By not having this in place you are exposing your company to significant financial penalties: up to 20 million Euros or 4% of your annual turnover (whichever is higher). This applies to all companies within the EU or any global company that deals with the EU.
Contact Plan2IT at firstname.lastname@example.org to get a compliance check on your website and implement the legally required GDPR controls.