GDPR (General Data Protection Regulation) is the new EU regulation around data privacy. It primarily highlights that citizens' data should be fully in the control of the citizen, with complete transparency on how it is used. In a nutshell, the exact opposite of what happens with user data in the US.
What is the Checklist?
Obtain explicit user consent on how and where their data will be used, in simple language (no 50-page agreements with “I agree” at the bottom)
Must provide the collected data to the user free of charge at their request
Destroy user data records at their request (data brokers watch out!!!)
Notify customers of data breaches that may affect privacy
Privacy must be baked into a product and not be a bandage
What are the fines for non-compliance?
Fines can be up to 20 million euros or 4% of the company's turnover.
Who needs to comply?
It’s a regulation that all EU countries need to comply with. Furthermore, all companies (outside the EU) that deal with EU residents’ data also need to comply with it. That will include the likes of Google, Facebook, email providers, and almost any global service provider.
GDPR went into force on May 25th, 2018.
For customized privacy coaching, please check out our Privacy Training where we help you take control of your data scattered out there in the cyber jungle!