What is the General Data Protection Regulation?
The security of data processing and storage on the internet has been a concern for many. Because of that, the European Union has passed legislation on the matter. The legal framework is called the General Data Protection Regulation, or GDPR.
GDPR is legislation that sets the guidelines for collecting, processing, and storing information from individuals who reside in the European Union (EU).
The GDPR covers all business establishments and organizations that operate in the EU, and even those that do not operate in the EU but offer goods and services to residents in the EU. The main goal of GDPR is to give EU residents control over their personal data and to require organizations to comply with data and privacy rules.
What is a GDPR-Compliant Privacy Policy?
The GDPR sets specific requirements for what a privacy policy must include. This document is called a privacy notice.
What is a Privacy Notice?
A privacy notice is a document from an organization that explains in detail how the organization collects, processes, and stores a user’s personal data and how it secures that data. GDPR provides concise and clear instructions on how to create a privacy notice that is easy to understand (Articles 12, 13 and 14).
As per GDPR, the privacy notice should be:
- It should be written clearly in plain language.
- It should be concise.
- It should be transparent.
- It should be easily accessible.
- It should be intelligible.
- It should be free of charge.
- It should be delivered in a timely manner.
The GDPR requires that users be given the following information about you:
- Business name or your name, business address, and contact details.
- The information that you need to collect from the users (name, email addresses, and other personal information).
- Methods that will be used to collect such information.
- The reason why you are collecting such information.
- How you are keeping their information secure.
- Let them know they have the option to share the information or not, and explain the consequences if they do so.
- Third-party services used to collect, process, or store information (e-mail newsletter service, or advertising network).
- What data are being collected? Our organization collects personal information (such as name, email address, phone number, birthday, etc.).
- How do we collect data? By registering you are providing information that is needed to create your account on the website, place an order for any of the products, complete a survey, and use the website via the browser’s cookies.
- How is your data being used? Send emails regarding special offers or newsletters, process product orders, and manage your accounts.
- How is your data securely stored? Our organization securely stores data at (provide the location and the security precautions taken).
- Marketing – Inform that the organization might send notices about products and services.
- Data protection rights – Explain that your organization makes sure that users know their data protection rights. You have the right to access, rectify, and erase your data, to restrict processing, to object to processing, and to data portability.
As we do most of our transactions over the internet, it is very important that we stay secure and keep our personal information private. The GDPR is a big leap in giving EU citizens and residents control over how their data is used by organizations and companies. This is the first step in staying secure, which is of the essence.