WHAT IS GDPR AND HOW DOES IT APPLY TO WEBSITE OWNERS?
The GDPR is ushering in a new era of data security and privacy protection. It requires organizations to take significant steps to protect user data. To become compliant with the GDPR, organizations need to implement new protocols and practices for how they handle user data.
GDPR: GENERAL DATA PROTECTION REGULATION
The GDPR is a new regulation that gives EU residents certain rights and privileges related to their personal data. Any organization that handles, controls, or processes personal data of individuals living in the EU must comply with this regulation. The aim of the GDPR is to modernize the data security and privacy protection laws existing in the EU and better adapt to the new world of social networks and digital marketing.
A complex maze of information containing 99 articles, the GDPR demands that organizations comply with a number of new requirements:
Consent of the Data Subject. Explicit and clear permission of the users is required prior to the collection and processing of their personal information.
Right to Access One’s Data. Data subjects will be given access to their data. They will also be given the right to modify it.
Right to Object. The data subject has the right to object to the processing of their personal information, unless the data controller (you) has reasonable legal reasons for processing.
Right to Erasure (Right to be Forgotten). Data subjects can ask the data controller to delete their data without any delay if (1) the data subject withdraws consent, (2) the information is no longer required for the purposes it was gathered, or (3) the data subject requests to stop data processing.
Data Protection Officers. Organizations will appoint data protection officers where monitoring and processing of large-scale data is involved.
Data Breach Notifications. In case of a data breach, data controllers must inform the data subjects and the concerned authorities within 72 hours of the breach.