While the GDPR is EU-based legislation, it also applies to any company that does business with EU consumers or with any consumers who view sites while in the EU. In other words, this legislation impacts almost all internet-based businesses. For the most part, GDPR requirements will strengthen companies’ privacy policies and provide additional protections for consumers.
The key issues addressed by the GDPR include:
- Consent: Individuals must opt in to data collection, and businesses geared toward children must also get additional consent from parents or guardians before children’s data can be collected.
- Encryption: Personal data must be encrypted.
- Information Obligations: When a company directly obtains information about a person, that person must be informed upfront about their privacy rights, how their data is processed, etc. When a company indirectly obtains a person’s data, it must directly contact the individual with this information within a month.
- Right to Be Forgotten and Right of Erasure: Personal data must be erased as soon as it is no longer needed for processing or as soon as the subject of that data has retracted their consent. In addition, all parties who may have had access to that data must be notified and the data wiped thoroughly and quickly.
Disclaimer: This content is for general informational purposes only and does not constitute legal advice. Please read any received privacy policies and the actual legislation for more information.