The new GDPR is a law that has been issued to protect the rights of European Union citizens. Therefore, it is mandatory for any company that deals with European citizens’ data. Regardless of the nationality of the company. That means that companies like Amazon or Facebook must also comply with the new GDPR.
As of May 25, data collection requires that the consent is express. This implies that there will be no pre-marked boxes in web forms. Also, the law understands that the user must fully understand the terms in which that consent is requested. Otherwise, the consent will be considered as non-existent.
That is to say, clauses written in a complicated legal language will no longer be valid. There are experts who believe that, if the user who gives consent for the treatment of such data is a child, the request for consent must be written in a way that the child can understand.
At all times, the user must know what their data will be used for. In addition, the new right of access to the data implies that any user or client can request a copy of their data to be passed on to a new provider. This is the so-called right of portability. In the case of Facebook and other social media, for example, the user may request a copy of the data he gave to register in the application, but not of all the information that he has uploaded while using it.
Users may request the deletion of their personal data when they are no longer necessary for the purpose for which they were requested. Failure of this right to oblivion will be punished with very high fines.
One of the most discussed clauses of the law is the need to inform users if their data has been stolen. The law establishes a limit of 72 to do so. A very short period, especially in companies that deal with a large amount of data.
If you send newsletters, offers or keep any other kind of communication through any of the many channels that offer e-mail marketing strategies, you will have to re-obtain the consent of the people whose data you already own. This consent must be express and informed. Otherwise it will not be valid. An invalid consent could actually mean a high risk of being fined.
You should also make sure that your forms and subscription application boxes incorporate all the elements required by law. Web forms with a data box and an acceptance button are no longer acceptable. These forms must inform about the whole meaning of clicking in the button.
Here, from DES Madrid, we encourage you to catch up with the new GDPR. Compliance will keep you safe from fines and will make your clients more confident when using your web page. Keep reading for more useful information on online business.