Every day it becomes more normal for us to share personal information online. At the moment, there is a good chance that many websites and online services have access to sensitive data about you. This may include your address, contact information and even your credit card numbers. As the owner of a website, you must make sure that you treat your users' data with the same care you want for your own information.
Data protection rules are essential if we want to impose higher standards of security and transparency, both as users and as administrators. This article will give you a crash course on the two most important data privacy regulations in 2018. We will explain what they mean for you and how to apply them on your website. Let's take a look!
What is the data protection law (and why should you be interested in it)
Data protection rules define when and how you may collect personal information from users of your website. Details such as e-mail addresses, names and IP addresses all fall into the category of personal data, and most websites collect at least some of this information.
As an Internet user, it's easy to see why such regulations are essential. Let's break down the main reasons:
You probably share more information than you think online. Most of us are enrolled in dozens of services and websites, some of which require more personal information than others. Social networks are an example of this trend pushed to the extreme.
At the same time, it is important that you protect your privacy. Ideally, you should be able to check how each website processes your data, and take this information into account when deciding whether or not to use it.
Once your information is available, websites may share it or sell it to third-party services. Malicious actors may also gain access to it after a data breach, which often results in stolen databases circulating widely on the web. All of this means that if you run a website, you may need to step up your game in terms of security and transparency. Users have the right to know what is happening with their information, and you may even have a legal obligation to inform them.
2 Data Protection Regulations You Should Familiarize Yourself With
Before delving into the details, it is important to note that we are not lawyers. If you are not sure whether certain laws apply to you, or if you think you may be responsible for a violation of any of these regulations, you should consult a professional.
To be fair, you probably do not need to worry about fines for breaking these rules unless you run a massive website. However, you should always take the time to read them and understand how they work. That way, you can ensure that your website is always fully compliant with applicable legislation.
1. General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) was established in December 2015 and aims to guarantee EU citizens the right to basic standards of data protection. It was ratified in early 2016, replacing the old Data Protection Directive (1995-2018), and it will become enforceable on May 25, 2018. That means you still have a little time to familiarize yourself with these regulations and determine what you need to do to comply with them.
Lately, the GDPR has generated considerable buzz online, as it is the most comprehensive set of data privacy rules drafted so far. The main purpose of this legislation is to create a single set of easy-to-follow rules for the entire EU that respects the highest standards of data privacy.
Why you should be interested in GDPR
Although it is an EU regulation, the GDPR will apply to any site that collects data from EU citizens. This means that if you run a WordPress website with registration enabled and some of your users reside in the EU, the GDPR technically applies to you.
You might still be tempted to ignore this legislation if you operate elsewhere, but do not forget that its main purpose is to protect EU citizens. Since non-EU companies also have to comply with the GDPR, it goes without saying that you could be fined for breaking its rules no matter where you are based.
The GDPR may impose several types of penalties. For example, you could be fined 2% of your annual worldwide income for failing to disclose a data breach, or up to 4% for failing to seek the user's consent to store data. These are stiff fines. However, the good news is that compliance with the GDPR is relatively simple.
What you need to do to comply with the GDPR
The GDPR is a massive piece of legislation, but we can ultimately reduce its content to the six fundamental rights it grants to users. Here is what they are and how to comply with each one of them:
Breach notification. Under the GDPR, you must inform your users within 72 hours if a breach occurs that could compromise their data.
Right of access. Users have the right to access the information you have about them.
Right to be forgotten. Your users have the right to ask you to delete their accounts and any personal information you hold about them. You may also need to stop sharing this information with third-party services.
Right to portability. Users will be able to request that you transmit their records to other "controllers" or services, as appropriate.
Privacy by design. You may be held responsible for data breaches if your system is not secure by design. In other words, you can be held liable for not taking the necessary precautions to protect the user's information.
Data protection officers. If you handle massive amounts of user information or sensitive data, such as criminal records, you will need to work with a Data Protection Officer (DPO).
This is a lot of information to deal with. However, as you can see, most of these rights are relatively simple to implement. We have already discussed how to comply with user account deletion requests in the past, as well as how to create privacy policies. Other clauses, such as informing your users about data breaches, simply require that you send an email notification. Complying fully with the GDPR may take a little work, but it's very feasible for almost any website.
2. The ePrivacy Regulation
Before we move on, let's talk briefly about the difference between a regulation and a directive within the EU. Regulations approved by the EU become automatically applicable in all Member States. Directives, however, simply specify a goal, and Member States are free to choose the methods they want to achieve it. In other words, the replacement of the ePrivacy Directive by the ePrivacy Regulation is intended to simplify matters for regulators.
Why you should be interested in the ePrivacy Regulation
In addition, if you have users or customers located in the EU, you can be held responsible for violations. This means that you will almost certainly have to adapt to it no matter where you are based.
What you need to do to comply with the ePrivacy Regulation
Keep in mind that the Regulation on Privacy and Electronic Communications is not yet in force. This means that it could still change before it actually passes. However, as it stands now, here are the main stipulations to which you will have to adapt:
Consent for online marketing. You will now need to ask users for their consent before contacting them with online marketing.
In summary, the ePrivacy Regulation is all about consent. Users have a right to privacy online until they specify otherwise, and you cannot take consent for granted. If a lot of your business comes from online marketing, you will have to stay away from avenues such as cold emails, for example. We recommend keeping an eye on the latest news about this regulation as it is finalized.
Conclusion
In short, you need to know the latest data privacy regulations. Otherwise, you will not be able to protect your users' information properly. These two recent pieces of legislation are an excellent starting point:
The General Data Protection Regulation (GDPR): This regulation puts the emphasis on protecting the private data of EU citizens.
The Regulation on Privacy and Electronic Communications (ePrivacy Regulation): This related law deals with the right to privacy itself.
Do you have questions about the impact of these regulations on data protection? We are not lawyers, but let's talk about it in the comments section below!
Image from article thumbnail by Chris Bain / shutterstock.com.
The post A quick guide to the regulation of data protection in 2018 first appeared on Elegant Themes Blog.