GDPR is the EU’s new privacy law, which goes into effect on May 25th, 2018. GDPR stands for General Data Protection Regulation. The law was passed in the EU 2 years ago, and as the launch date approaches, we will try to explain in simple terms what the law is all about.
First of all, this is a law that is meant to protect the personal information of website users within the EU. It applies to all organizations that offer goods and services in or to the EU and that collect or handle data. The law applies regardless of the location of the organization.
Personal information
There is a difference between personal information and sensitive personal information. This article is about regular personal information. If you handle sensitive personal information, we recommend that you get in touch with Data Protection, as a concession is needed to handle this type of information.
Personal information
- Name
- Photo
- Social security number
- Address
- Phone number
- Social media accounts
- IP address
Sensitive personal information
- Racial or ethnic background, or political, philosophical, or religious beliefs
- Health conditions
- Sexual relationships
- Union memberships
What does it mean for the company?
Before the law comes into effect, you need to review how your company handles personal information. You must review the procedure for collecting and storing data and ensure that this is done in a proper manner. Then, you need to ensure that the website informs the user about the collection of data that occurs, and that the user consents to this. For larger private companies, it might be a good idea to appoint a privacy representative. If you are unsure about whether your company needs a privacy policy, you can read more about it here.
What does it mean for the website?
If this has not been done already, you must have a look at the website and check if it’s ready for the new rules. Here’s a checklist you can use:
- Updated cookie and privacy policy: Ensure that the language is simple and understandable, and that you inform the user about what kind of information is being collected, how long it will be stored, and what it’s used for.
- Consent: Ensure that you enable your users to surf the website both with and without the collection of data.
- Unnecessary data: Given the fact that you must inform your users about all pieces of information that are being collected, it might be a good idea to remove the systems that aren’t being used. This way, you won’t collect unnecessary data from your users.