If you’re like many business owners, you may be wondering what GDPR is and how it will affect your website. Don’t worry, you’re not alone! GDPR is a European Union (EU) data protection law that went into effect on May 25, 2018. 

The GDPR is a law designed to protect the privacy of EU citizens and residents, and it applies to any company that processes the personal data of EU citizens or offers goods or services to them. In this blog post, we’ll discuss what GDPR is and how you can make sure your website is compliant with its provisions.

What is GDPR and what is its history?

The General Data Protection Regulation (GDPR) is a set of regulations that member states of the European Union must implement in order to protect the privacy of digital data. The regulation is also known as the EU Data Protection Regulation, Reg. No. 765/2016, replaces the Data Protection Directive 95/46/EC, which was passed in 1995 and did not take into account advances in technology.

The regulation sets out strict rules about how personal data must be collected, used, and protected. It gives individuals the right to know what personal data is being collected about them, the right to have that data erased, and the right to object to its use. The regulation applies to any company that processes or intends to process the data of individuals in the EU, regardless of whether the company is based inside or outside of the EU.

The key definitions for the GDPR are:

Personal Data: Any information relating to an identified or identifiable natural person.

Data Processing: Any operation or set of operations that are performed on personal data or on sets of personal data.

Data controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Consent: There are strict new rules about what constitutes consent from a data subject to process their information.

• Consent must be “freely given, specific, informed, and unambiguous.”
• Requests for consent must be “clearly distinguishable from the other matters” and presented in “clear and plain language.”
• Data subjects can withdraw previously given consent whenever they want, and you have to honor their decision. You can’t simply change the legal basis of the processing to one of the other justifications.
• Children under 13 can only give consent with permission from a parent.
• You need to keep documentary evidence of consent.
• There are strict new rules about what constitutes consent from a data subject to process their information.

People’s Privacy Rights

You are a data controller and/or a data processor. But as a person who uses the Internet, you’re also a data subject. The GDPR recognizes a litany of new privacy rights for data subjects, which aim to give individuals more control over the data they loan to organizations. As an organization, it’s important to understand these rights to ensure you are GDPR compliant.

Below is a rundown of data subjects’ privacy rights:

• The right to be informed  —  Data subjects have the right to be informed about the collection and use of their personal data. Organizations must provide a clear and concise explanation of how personal data will be used and must be given the opportunity to opt out of data collection if they so choose.
• The right of access  — This includes the right to know what personal data is being collected, why it is being collected, and how it will be used. Organizations must provide a way for data subjects to access their personal data easily.
• The right to rectification — Data subjects have the right to request that their personal data be corrected if it is inaccurate or incomplete. 
• The right to erasure — This is also known as “the right to be forgotten”. Organizations must take reasonable steps to delete personal data when requested by a data subject.
• The right to restrict processing — Data subjects have the right to request that the processing of their personal data be restricted. This means that organizations can only process personal data for certain limited purposes, and cannot use it for other purposes such as marketing or research.
• The right to data portability — Data subjects have the right to receive their personal data in a format that can be easily transferred to another organization. This allows individuals to move their personal data from one organization to another easily.
• The right to object — Data subjects have the right to object to the collection and use of their personal data. This includes the right to object to marketing activities and automated decision-making.

In Conclusion

As we have seen, the GDPR is a broad and complex regulation that has a major impact on organizations around the world. It is important to ensure that your company is compliant with the GDPR in order to avoid any potential penalties. If you are unsure about your organization’s compliance status, we recommend consulting with an attorney or other expert on the matter.

If your company website is required to be GDPR compliant, we are here to help! Contact us today to discuss implementing GDPR compliance requirements on your website.