News Bulletin: GDPR takes effect May 25th
Post Date: 04/16/2018
A new regulation is going into effect on May 25th, 2018, and it affects anyone who does business within the EU and collects the personal data of EU citizens.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a regulation in EU law concerning the protection and privacy of the personal data of those in the European Union. This new regulation replaces the 1995 Data Protection Directive and goes into effect on May 25, 2018.
What does that mean?
For an individual
From the perspective of an individual, this means that you have the right to know if your data is being collected and how that data is being used. You also have the right to either opt in to or opt out of the data collection activities.
For a business
From the perspective of a business, this means that you are required to make clear when you are collecting sensitive personal data and how that data will be used. You are also responsible for giving individuals a way to either opt in to or opt out of the data collection activities.
The GDPR specifically states that burying this information in a long, illegible "Terms & Conditions" document won't cut it. As a business, you need to ensure that individuals are clear that their data is being collected.
What should I do?
What the GDPR doesn't state is how, specifically, you should accomplish this. While the regulation is clear that individuals have the right to restrict use of their sensitive personal data, it is not clear about how businesses are expected to meet that requirement.
Because of the ambiguity of the regulation, Beetle Eye cannot ensure that a specific action taken will guarantee compliance. Based on our interpretation and much research, we would offer the following suggestions for those businesses that collect sensitive personal data of individuals. It is up to each business to interpret the regulation and make any process changes as they see fit.
Suggestions
- Inform users before collecting any sensitive personal data
- Inform users about how their personal data will be used if collected
- Offer users a way to either opt in to or opt out of having their data collected
- If users opt in to data collection, offer an easily accessible opt-out option in case they change their mind in the future