General Data Protection Regulation (GDPR)

Recently, you may have heard a lot about the term GDPR, but what is it?

Today, every website and online store must meet the requirements of GDPR.

GDPR is a regulation on personal data protection that will replace the current law (still in force until May 15, 2018) and unify issues related to collecting and processing personal data within the EU.

For some time now, there has been a lot of noise about upcoming changes to personal data protection. The new regulations, i.e. GDPR, will also affect the e-commerce industry. Therefore, I decided to summarize the most important points and share my observations regarding these modifications.

The new regulation should not be read as a collection of ready-to-use rules that you must follow from now on; rather, you must analyze the level of risk and the ways to prevent it. You must make every effort to ensure that the data processed in your online store is as safe as possible.

Failure to adapt to the new regulations will result in high fines that can potentially reach millions of euros. Of course, each case will be evaluated individually, but realistically we can expect fines for irregularities to fall toward the higher rather than the lower end of the range, so it is worth making every effort to ensure that the data processed in your online store is as safe as possible.

1. With the entry into force of the new regulations on personal data protection, we gain, contrary to appearances, greater freedom in choosing security measures, and also, which may seem strange to some, the abolition of the obligation to report a database of personal data to the General Inspector for Personal Data Protection …

2. The definition of personal data will be significantly broadened

As a result of new technological developments, data such as geolocation, IP addresses, genetic data, etc. become personal data and are subject to protection.

3. From May 25, 2018, the obligation to inform will expand, and people whose data we process will gain greater rights. Already at the stage of collecting customers’ personal data, we will have an obligation to inform them about the purpose of collecting their data, as well as how long we intend to process it, to whom it will be made available, where we obtained the data if we received it from third parties, etc. The content of all this information must be transparent and understandable to an average person. In addition, if we collect data other than through the placing of an order in a store, we are obliged to inform the person concerned within 1 month about the collection of their data and their related rights.

The client whose data we have collected has the right to:

– be forgotten, i.e. de facto have their data deleted from our systems, but only when processing this data is not necessary
– have their personal data migrated to third parties
– access the history of data processing

4. Data leak
If there is a data leak, we are obliged to report it to the supervisory authority and the data administrator, as well as to the people whose data was leaked.

5. Appointment of a Personal Data Inspector (API)

In accordance with the new GDPR regulation, entities processing personal data will be required to appoint a Personal Data Inspector who will monitor the actions of the data administrator.

6. Outsourcing

Most companies use outsourcing services, either using subcontractors or assigning various tasks to be performed on their behalf to other companies (IT companies, accounting offices, etc.). With the entry into force of GDPR, there will be a need to create documentation that justifies transferring access to data to a specific company. Existing contracts must also be updated. GDPR imposes an obligation to specify the conditions of the contract concerning the information, including the purpose of providing the data and the time of its processing/availability.
