Disclaimer

GDPR is the European General Data Protection Regulation. Compliance with the GDPR will be based on the specific facts of an organization’s business, operations and use of data.

In this blog, I will try to set out discussion points that may be useful in the development of an organization’s GDPR compliance efforts from the perspective of website/application owners and developers, covering how to deal with accessibility and user data management and their relationship with GDPR.

What I discuss here is not intended to be legal advice, guidance or recommendations. An organization should consult with its own legal counsel about what obligations it may or may not need to meet. It is all based on the presentation on the subject that I deliver to my clients in Europe.


Historical Overview

Before 25th May 2018 we had:

  • Data Protection Act 1998 (DPA)
  • Privacy and Electronic Communications Regulations 2003 (PECR): additional restrictions on direct marketing by electronic means (phone, fax, email, text, video messaging), rules on cookies, etc.
  • Regulation of Investigatory Powers Act 2000 (RIPA): covers ‘interception’ of communications (e.g. monitoring employee emails or internet usage)

Since 25th May 2018, the new EU General Data Protection Regulation (GDPR) has required all organisations that hold data relating to EU data subjects to manage the data on their customers, employees, contacts and any other relevant persons more effectively, whether it is held on digital media or in traditional paper format.

GDPR and IT governance apply to all verticals, all sectors and all organisational sizes.
There is no current formal certification for GDPR. ISO 27001 does not cover all of the new directives. BS 10012 is the new certification for GDPR; however, it is not easily available in most of the EU member states.


Natural person = a living individual

Natural persons have rights associated with:

  • The protection of personal data
  • The protection of the processing of personal data
  • The unrestricted movement of personal data within the EU

Articles 1-3 deal with the who and where: personal data that is processed wholly or partly by automated means, and personal data that forms part of a filing system or is intended to.

The Regulation applies to controllers and processors in the EU irrespective of where the processing takes place. It also applies to controllers outside the EU, anywhere in the world, that serve EU citizens.


GDPR Importance

The GDPR is broadly the same as the DPA (Data Protection Act 1998) but extends obligations and potential liability to data processors and controllers. The protections apply to any organisation (anywhere in the world) that processes the personal data of EU data subjects. Below are two important reasons why it is so important for organisations to comply:

  • Significant impact on organisations that capture and manage user data, with potentially very large penalties for violations set at 20 million euro or 4% of global revenues
  • Impacts the storage, processing, access, transfer and disclosure of an individual’s data records

GDPR also covers security, legal, compliance, risk, data management issues and much more…


GDPR – the value proposition

While there are challenges in complying with GDPR, organisations will need to fully develop their approach to avoid reputational damage and fines.

GDPR will force changes in the way we manage user data and is possibly a once-in-a-generation opportunity to transform the way organisations are compelled to manage data. It has many benefits that support digital transformation outcomes and brings IT opportunities for developers:

  • Newer web tools and web standards are required in the CMS and email marketing platforms we use today
  • It impacts all web applications and email processors for owners and administrators, and therefore brings extra revenue for those who deal with fixing them or finding good solutions.

Organisational Data Governance

  • Need: to understand what all the in-scope data is used for, why and by whom
  • Why: so you understand how you’re aligning with the principles
  • Is all of the captured data really necessary?: limit the amount of data collected to reduce the potential for breach and non-compliance with GDPR. DO NOT ask for unnecessary data
  • Conduct a personal data audit: delete inaccurate and out-of-date data and ask questions about what is collected
  • Disclose all usage of the data: create an in-house data policy and adhere to it, so you can demonstrate it to the authorities when required.

What counts as personal data?

Practically any kind of data you collect from your users. This can include things like email addresses collected from newsletter sign-up forms, a name from a contact form, or even the data gathered by using Google Analytics, and more...


“Personal data” is defined by the GDPR as “any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.


It also applies to site owners outside the EU that provide their content to EU residents.

Ask for consent to meet GDPR standards

  • Contain a clear statement of consent - use plain language that’s easy to understand (no legalese)
  • Require a positive opt-in - (i.e., no pre-ticked boxes, silence, or inaction)
  • Self-contained - be separate from any other terms and conditions
  • Reasons for Data Capture - explain why the entity wants the data and what it will do with the data
  • Disclose the Consumers of Data - name any third-party controllers that will rely on the consent
  • Clarity in consent options - explain how the data subject may withdraw consent
  • Provide alternative if no consent is given - avoid making consent a precondition of service
  • Update the Privacy Statement – revise the statement to cover GDPR & also revise Cookie Consent
  • Right to be Forgotten – provide a way to withdraw consent & purge the collected personal data

Where to Start?

Where? Determine what data you hold, where it came from
What? Determine what information you have pertaining to customers
Who? Review which third-party service providers you use

Who would be involved in the process?

Data Controller – How personal data is collected, for what purpose & how it is used
Data Processor - Maintains & processes the data on behalf of the Data Controller
Data Protection Officer - Oversees the data security strategy and GDPR compliance

A DPO is required if you process sensitive data or data relating to criminal convictions (i.e. religious/political views, sexual orientation, health data, etc.), if you are a public authority, OR if your solution regularly monitors/processes data from EU citizens on a large scale.


Transparency

People everywhere, and now by law in the EU, have the right to know what kind of information is being collected from them, how it is being stored and what it will be used for.


Website or Application Manager To-Do List (if not done yet?)

Unless you are a sizable organization with all the resources and funding available to comply with GDPR in one go, you might want to do the work in 2 to 3 phases and show that it is work in progress.


What about Emails and Newsletters?

GDPR will require provable consent for someone being on a mailing list. For new subscribers to your list, gaining consent will be easier, but what about existing email marketing clients? The original consent might not have been kept.


Areas of the site or application that require a review

You are likely to require consent from your users in many areas. Below are a few examples which include, but are not limited to:


Add Explanations to Forms

Tell your visitors why you need to ask the questions on the form and detail how they will be used and shared. Don’t collect more data than is absolutely necessary, and make sure to link to your Privacy Policy for more information. You also need to provide a checkbox for them to give explicit consent.


The GDPR Cookie Consent

To stay compliant with any new modification of data protection regulations, such as the GDPR, the existing cookie module will need to be enhanced. Every cookie you set needs to be explained: what it captures, why, and whether the user can make it inactive.
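The consent checkbox described under “Add Explanations to Forms” and the enhanced cookie module share the same logic, so here is one added example (not code from this post) of how a site could implement it in JavaScript: every optional category starts unticked, the stored record carries a timestamp and the policy version as proof of consent, non-essential cookies are only set when their category has been consented to, and withdrawal purges them. The `store` is assumed to be any object with `get`/`set`/`delete` (a `Map` here; wrap `localStorage` in the browser), and the category names, purposes and `POLICY_VERSION` are placeholders.

```javascript
const POLICY_VERSION = "2018-05-25"; // assumed: the version of your cookie/privacy policy

// Every category the banner must explain. 'necessary' cannot be refused;
// all others default to NOT consented, i.e. no pre-ticked boxes.
const CATEGORIES = {
  necessary: { required: true,  purpose: "session and CSRF protection" },
  analytics: { required: false, purpose: "usage statistics, e.g. Google Analytics" },
  marketing: { required: false, purpose: "newsletter and campaign tracking" },
};

// Record a positive opt-in. `choices` holds what the user actively ticked;
// anything omitted stays false. The returned record is your proof of consent.
function recordConsent(store, choices, now = Date.now()) {
  const granted = {};
  for (const [name, def] of Object.entries(CATEGORIES)) granted[name] = def.required;
  for (const [name, on] of Object.entries(choices)) {
    if (!(name in CATEGORIES)) throw new Error("unknown category: " + name);
    if (!CATEGORIES[name].required) granted[name] = on === true;
  }
  const record = { policyVersion: POLICY_VERSION, timestamp: now, granted };
  store.set("consent", JSON.stringify(record));
  return record;
}

// Consent only counts for the policy version the user actually saw; a missing
// or outdated record allows the required categories only.
function hasConsent(store, category) {
  if (!(category in CATEGORIES)) throw new Error("unknown category: " + category);
  const raw = store.get("consent");
  const rec = raw ? JSON.parse(raw) : null;
  if (!rec || rec.policyVersion !== POLICY_VERSION) return CATEGORIES[category].required;
  return rec.granted[category] === true;
}

// Gate every non-essential cookie behind its category's consent.
function setCookieIfAllowed(store, category, name, value, setCookie) {
  if (!hasConsent(store, category)) return false;
  setCookie(name, value);
  return true;
}

// Withdrawal / right to be forgotten: drop the record and delete the cookies
// of every optional category.
function withdrawConsent(store, cookieNamesByCategory, deleteCookie) {
  store.delete("consent");
  for (const [cat, names] of Object.entries(cookieNamesByCategory)) {
    if (cat in CATEGORIES && !CATEGORIES[cat].required) names.forEach((n) => deleteCookie(n));
  }
}
```

In a real page `setCookie`/`deleteCookie` would write `document.cookie` (or load the analytics script) and the same record can be copied server-side when a sign-up form is submitted.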


Continuous Risk Assessment


If in doubt, please contact a professional for advice

GDPR is a drastic overhaul of current EU privacy and data regulation, so naturally the entire process can appear a little daunting. Speak to a professional to see what steps need to be taken to make your site GDPR-ready; simply get in touch today.


Please do contact me if you have a requirement for GDPR consultation or require more hands-on fixing of the elements within your organisational website or web application, as well as advice on how to deal with existing user data. Naturally, bulk marketing emails or newsletters to a user base that includes EU citizens are of utmost importance. Advice on how you send them, and on how you capture data from EU citizens, is relevant in the new GDPR era.

Comments

Cheap Assignment Help
Wednesday, July 4, 2018 7:43 AM
Compliance and its management are done quite efficiently at the banks. I have seen it for myself so I can say.
Mike Jason
# Mike Jason
Monday, July 16, 2018 2:18 PM
The purpose of this is to demonstrate the value of compliance, but this ordinance is not about income generation; penalties will be the latest resort, assignment service online but if your paperwork is not in line then an inquiry could quickly be destined for monetary fines.
Whey Protein in Pakistan
Saturday, July 21, 2018 1:12 PM
GDPR is imperative since it enhances the assurance of European information on subjects' rights and clears up what organizations that procedure individual information must do to shield these rights.
Cover letter writing service Dubai
Saturday, July 28, 2018 1:33 PM
GDPR is planned to make stronger and unite information security regulation in the digital age and that is very good for the organizations.
Accounting Homework Help
Thursday, October 11, 2018 12:36 PM
The brilliant string that ties together these suggestions is that under the GDPR, the idea of assent being given uninhibitedly, particular and educated is being fortified, with new standards, which implies organizations like our own need to give more straightforwardness.