The GDPR (General Data Protection Regulation) is an EU law, in force since May 2018, that gives people in the EU more control over their personal data. It requires organisations to be transparent about how they handle personal information, from a person's name and location to their activity online.
Anyone processing user data has to follow rules on, among other things, the purpose for which the data is stored and with whom it is shared. The points below detail what this means for a website.
This is a challenge because most interaction in the digital world revolves around data: the data a user seeks to access, and the data that is used to personalise what the user sees and to influence them. Although the law protects people in the EU, major organisations such as Facebook and Google have chosen to apply the same rules to users worldwide, and other organisations are following suit.
Here are a few guidelines that your company needs to follow in order to be GDPR compliant.
1. Consent checkboxes on forms must not be checked by default. For instance, 'We would like to send you offers and updates' must start unticked.
2. No bundled consent: each permission must be requested separately. For instance, 'I accept the terms and conditions' is one request and 'You can contact me for updates and newsletters' is a separate request, each with its own checkbox.
3. Opt-in should be separate for each contact method, such as e-mail or telephone.
4. Users should also be able to choose the type of content they opt in for, based on the subject matter available on the website. For instance, digital marketing, web design trends, etc.
5. In the clause about sharing data, each third party for which consent is being given should be named.
6. If your website takes payments, you need a mechanism that guarantees removal of the personal e-commerce data entered before the details are submitted to the payment gateway. For example, removal of personal information within 2 months of a transaction.
7. Third-party tracking should also be disclosed in the terms and conditions. For instance, Hubspot and Canddi access user data when integrated, and should only do so with the user's permission on the platform or website they are integrated with.
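As an added illustration (not code from the original post), the JavaScript below lints a consent form definition against points 1 to 5 and 7 above and builds a consent record from what the user actually submitted. The form definition format, the field names, and the rule numbering are assumptions made for this example, not a standard; the sample form is constructed and deliberately breaks several of the points.

```javascript
// Added example: check a consent form definition against the granular-consent
// rules above, then record consent per purpose with evidence.
// The definition format below is an assumption for this illustration.

// Constructed sample form, deliberately non-compliant in several places.
const sampleForm = {
  textVersion: "2018-05",
  fields: [
    { id: "terms", label: "I accept the terms and conditions",
      type: "checkbox", defaultChecked: false, purposes: ["terms"] },
    { id: "marketing", label: "We would like to send you offers and updates",
      type: "checkbox",
      defaultChecked: true,                 // breaks point 1: pre-ticked
      purposes: ["offers", "newsletter"],   // breaks point 2: bundled
      channels: ["email", "phone"] },       // breaks point 3: one opt-in, two channels
    { id: "share", label: "Share my data with our partners",
      type: "checkbox", defaultChecked: false,
      purposes: ["third_party_sharing"],
      thirdParties: [] },                   // breaks point 5: nobody named
    { id: "tracking", label: "Allow analytics tracking",
      type: "checkbox", defaultChecked: false,
      purposes: ["tracking"], thirdParties: ["Hubspot"] },
  ],
};

// Returns a list of {field, rule, message} for every violation found.
function lintConsentForm(form) {
  const violations = [];
  for (const f of form.fields) {
    const purposes = f.purposes || [];
    if (f.type !== "checkbox" || f.defaultChecked) {
      violations.push({ field: f.id, rule: 1,
        message: "consent must be an explicit, unticked checkbox" });
    }
    if (purposes.length !== 1) {
      violations.push({ field: f.id, rule: 2,
        message: "one purpose per consent request (no bundling)" });
    }
    if (Array.isArray(f.channels) && f.channels.length > 1) {
      violations.push({ field: f.id, rule: 3,
        message: "each contact method needs its own opt-in" });
    }
    const sharesData = purposes.includes("third_party_sharing") ||
                       purposes.includes("tracking");
    if (sharesData && !(f.thirdParties && f.thirdParties.length > 0)) {
      violations.push({ field: f.id, rule: 5,
        message: "third parties receiving data must be named" });
    }
  }
  return violations;
}

// Builds the record to store as evidence of consent. A field the user did not
// tick is recorded as refused: silence is never treated as consent.
function buildConsentRecord(form, submitted, timestamp) {
  const consents = {};
  for (const f of form.fields) {
    consents[f.id] = {
      given: submitted[f.id] === true,
      purposes: f.purposes || [],
      channels: f.channels || [],
      thirdParties: f.thirdParties || [],
      labelShown: f.label,
    };
  }
  return { textVersion: form.textVersion, timestamp, consents };
}

// Usage: lint the form, then record what a user actually ticked.
const findings = lintConsentForm(sampleForm);
for (const v of findings) {
  console.log(`[point ${v.rule}] ${v.field}: ${v.message}`);
}
const record = buildConsentRecord(sampleForm, { terms: true, tracking: true },
                                  "2024-01-01T00:00:00Z");
console.log(JSON.stringify(record, null, 2));
```

The lint is run against the form definition, not the rendered page, so it fits in a build step or a unit test where a pre-ticked box or a newly bundled purpose fails the build before it reaches users. The record keeps the exact label shown and the text version, which is what you need to show later what the user consented to.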
We look forward to getting your website and app GDPR-ready. Contact us for more information.