GDPR is the EU’s new privacy law, which goes into effect on May 25th, 2018. GDPR stands for General Data Protection Regulation. The law was passed in the EU 2 years ago, and as the launch date approaches, we will try to explain in simple terms what the law is all about.
First of all, this is a law that is meant to protect the personal information of website users within the EU. It applies to all organizations that offer goods and services in or to the EU and that collect or handle data. The law applies regardless of the location of the organization.
There is a difference between personal information and sensitive personal information. This article is about regular personal information. If you handle sensitive personal information, we recommend that you get in touch with Data Protection, as one needs a concession to handle this type of information.
- Social security number
- Phone number
- Social media accounts
Sensitive personal information
- Racial or ethnic background, or political, philosophical, or religious beliefs
- Health conditions
- Sexual relationships
What does it mean for the company?
What does it mean for the website?
If this has not been done already, you must have a look at the website and check if it’s ready for the new rules. Here’s a checklist you can use:
- Ensure that the language is simple and understandable, that you inform the user about what kind of information is being collected, how long it will be stored, and what it’s used for.
- Ensure that you enable your users to surf the website both with and without the collection of data.
- Unnecessary data
Given that you must inform your users about all pieces of information that are being collected, it might be a good idea to remove the systems that aren’t being used. This way, you won’t collect unnecessary data from your users.