General Data Protection Regulation (GDPR)

What is the GDPR?

The General Data Protection Regulation (GDPR) is a regulation that controls data protection and privacy to protect EU citizens across Europe. The regulation was put into effect on May 25, 2018.

The GDPR was developed to control how people’s data can be handled by companies and organizations. It is an important component of EU privacy law and human rights law to give people control over how their data is used.

With the GDPR, Europe takes a firm stance on data privacy and security against websites that track people’s data.

Who is Responsible?

Companies and organizations both inside and outside the European Union must comply with the GDPR when they process the personal data of people in the EU.

GDPR Fines and Penalties

The fines for violating the GDPR are very high: organizations that breach its privacy and security requirements face penalties of up to tens of millions of euros.

Penalties are set in two tiers; the higher tier reaches up to €20 million or 4% of global annual turnover, whichever is greater.

What are the GDPR’s Principles?

Article 5 sets out seven key principles that govern how personal data is processed and handled.

The GDPR's seven data protection principles are:

  1. Lawfulness, fairness, and transparency
  2. Purpose limitation
  3. Data minimization
  4. Accuracy
  5. Storage limitation
  6. Integrity and confidentiality
  7. Accountability

GDPR Rights for Individuals

The GDPR gives individuals (the data subjects) a set of privacy rights aimed at giving them more control over the data they provide to organizations.

The GDPR provides the following rights for individuals:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision-making and profiling

Rules for My Website

Stronger rules on data protection from 25 May 2018 mean that citizens have more control over their data and that businesses benefit from a level playing field: one set of rules applies to all companies operating in the EU, wherever they are based.

If your website operates in the EU and you use third-party services that process any kind of personal data, such as Google and Facebook, you need to obtain prior consent from the visitor.

To obtain valid consent, before processing any personal data, you need to explain the scope and purpose of your data processing in plain language to the visitor.

This information, including your Cookie Policy and Privacy Policy, must be available to the visitor at all times. You must also provide an easy way for the visitor to change their permissions.

The cookies set by your website and by third-party applications must be listed, and they must be disabled if the user does not give permission.

Make Your Website GDPR Compliant

If you want to be fully GDPR compliant, you must be transparent about your data processing practices. Collect and use personal data fairly and lawfully.

Cookies

List the applications that store cookies on your website. Separate the cookies by specifying the cookie service provider, cookie name, purpose of the cookie, cookie type, and expiration details, as in the table below.

Cookie service provider | Cookie name | Purpose of cookies            | Cookie type | Expiration
Google                  | _ga         | To store and count pageviews. | Statistics  | 2 years

Policies

Have a privacy policy and cookie policy that are easy to find and read. Document the grounds for lawful processing and update current privacy policies.

Update your legal documents such as Privacy Policy and Cookie Policy according to where personal data is processed. In particular, include third-party processors in documents.

Third-Party Service Providers

Review third-party services and vendors, such as services embedded on your website or SaaS providers, and ensure they are also GDPR compliant. Review their privacy policies and cookie policies and link to them from your website where necessary.

Cookie Consent

Let users manage their data. Implement a mechanism that records each visitor's acceptance or rejection of data processing, for example a banner shown on the first visit to your website.
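As an added example that is not part of the original post, the following JavaScript implements the consent gate described under Rules for My Website and Cookie Consent: the cookie registry mirrors the cookie table above, the analytics script URL and the session cookie are assumed placeholders, and the in-memory adapter stands in for the browser's document.cookie and script injection.

```javascript
// Cookie inventory in the shape of the post's table. The _ga row is the post's
// own example; the script URL and the session cookie are constructed placeholders.
const COOKIE_REGISTRY = [
  { provider: 'Google', name: '_ga', purpose: 'To store and count pageviews.',
    type: 'Statistics', expiration: '2 years', script: 'https://example.invalid/analytics.js' },
  { provider: 'Own site', name: 'session_id', purpose: 'Keeps the visitor logged in.',
    type: 'Necessary', expiration: 'Session', script: null },
];

// Consent is opt-in: with no stored choice only "Necessary" is allowed, and
// anything other than an explicit boolean true counts as a refusal.
function normalizeConsent(choices = {}) {
  const consent = { Necessary: true };
  for (const entry of COOKIE_REGISTRY) {
    if (entry.type !== 'Necessary') consent[entry.type] = choices[entry.type] === true;
  }
  return consent;
}

// Apply a decision through an adapter (document.cookie and <script> injection in
// a browser, an in-memory store here) and report what was loaded or removed.
function applyConsent(consent, adapter, registry = COOKIE_REGISTRY) {
  const loaded = [], removed = [];
  for (const entry of registry) {
    if (consent[entry.type]) {
      if (entry.script && !adapter.isLoaded(entry.script)) {
        adapter.loadScript(entry.script);
        loaded.push(entry.script);
      }
    } else if (adapter.hasCookie(entry.name)) {
      adapter.deleteCookie(entry.name); // declined category: drop its cookie
      removed.push(entry.name);
    }
  }
  return { loaded, removed };
}

// In-memory adapter so the flow can be exercised outside a browser.
function memoryAdapter(initialCookies = []) {
  const cookies = new Set(initialCookies), scripts = new Set();
  return { cookies, scripts,
    hasCookie: (n) => cookies.has(n), deleteCookie: (n) => cookies.delete(n),
    isLoaded: (s) => scripts.has(s), loadScript: (s) => scripts.add(s) };
}

// First visit with no stored choice: a leftover _ga cookie is removed and
// nothing loads; the analytics script loads only once the visitor accepts.
const site = memoryAdapter(['session_id', '_ga']);
applyConsent(normalizeConsent(), site);                     // { loaded: [], removed: ['_ga'] }
applyConsent(normalizeConsent({ Statistics: true }), site); // loads analytics.js
```

In a browser the adapter would wrap document.cookie and create script elements; a script already running when consent is withdrawn keeps running until the next page load, so the withdrawal path removes the cookie rather than the script.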

Data Rights

Allow users to access, correct, and delete their data. Implement procedures for responding to visitors' access, correction, and deletion requests, and publish up-to-date contact information for data rights requests on the website.

Conclusion

How the GDPR applies differs for every organization, which is why it does not prescribe what security best practices look like. We've covered the most basic points of the GDPR. The regulation itself is 88 pages long; together with the related guidance, that is roughly 100 pages of text that we have tried to condense onto a single page. Here you can find the official PDF of the General Data Protection Regulation.

If you’re affected by the GDPR, we strongly recommend that you consult an attorney to ensure you are GDPR compliant. We can help you to make your website GDPR compliant. Contact us to get a GDPR consultancy service.

Resources

Disclaimer: This GDPR compliance blog post is a general guide only. It should not be construed as legal advice and readers should consult an attorney for any specific legal questions they may have.