Privacy

GDPR How to

Complying with the GDPR is vital. A business found breaking the rules can be fined up to €20 million or 4% of its global annual turnover, whichever is higher, though the toughest fines are reserved for the worst data breaches and data abuse.

The GDPR applies from 25 May 2018. Even though the UK is due to leave the EU in the next 12 months, it will still apply to every business handling EU residents' data, wherever that business is based, and in the UK it effectively replaces the Data Protection Act 1998.

The EU’s General Data Protection Regulation (GDPR) was introduced to harmonize data protection law across all EU member states. It protects people in the EU from organizations using their data irresponsibly and puts them in charge of what information is shared, and where and how it is shared.

We need to be explicit about:

  1. What data we store
  2. How we use it
  3. For how long we keep it
  4. What else that data is used for
  5. How users can update or remove their personal data

So, to be GDPR compliant, it seems we need to:

  1. Send an information email to every address we hold, stating the points above
  2. Make sure new signups see and actively accept the points above (a pre-ticked box does not count as consent under the GDPR)
  3. Show privacy information on every form that collects personal data
  4. Create a new page that explains how we treat users’ data, based on the points above

Check out this great checklist ‘GDPR Checklist for Businesses’ @ https://www.process.st/checklist/gdpr-checklist-for-businesses/

Extracts from https://www.process.st/gdpr-compliance/ (the best resource I’ve found):

You should make sure to document all aspects of your company’s interactions with data.

  • Why was the data gathered in the first place? What is its purpose?
  • Upon what legal basis are you justifying holding that data? Consent or legal requirements?
  • Who has access to that data?
  • How are you protecting that data from breaches?
  • What else is that data being used for?

Here is a short summary from Irene Bodle of the particular subject rights you should be aware of as a SaaS company:

  • data portability;
  • the right to be forgotten;
  • the right to prevent profiling;
  • the right to object to processing;
  • the right to rectification and erasure;
  • subject access requests (“SARs”).

Deadline: 25th May 2018

Get in contact if you need help.

Beto López
"Full stack" web developer focused on maintenance and bug fixing. WordPress, PrestaShop, HTML, CSS, JavaScript, PHP and MySQL. Also an open source collaborator. LinkedIn and Twitter.
