On 25.05.2018, the EU General Data Protection Regulation (GDPR), which establishes updated rules for the use of the personal data of private persons, enters into legal force. The changes concern the requirements for ensuring the privacy of users residing in the EU member states. Both European companies with Internet resources and foreign companies whose users include residents of EU member states will be checked.
The scope of the GDPR
Regardless of where a company is located, if its customers are EU citizens, it will be subject to the requirements and to the corresponding sanctions (fines of up to 20 million euros) if it fails to comply. This also applies to organizations that have European branches abroad.
In addition to the use of personal information, the GDPR regulations impose restrictions on monitoring the behavior of citizens of EU countries on the Internet when that monitoring is aimed at determining individual tastes and consumer preferences. In this case, the rules apply to Internet resources used for trade and distribution of goods. According to the rules, the user should be warned about monitoring of his behavior on the site or be able to access it in a short time.
Principles of GDPR technology
Accordingly, under the GDPR the methods for using personal data must meet the following requirements:
- Security and confidentiality. In the process of using information about users, it is necessary to protect it from theft, modification or deletion.
- Time-limited storage. Personal data is collected and stored only for the period necessary to perform the targeted processing of this data.
- Legitimacy and openness. All operations on the data are carried out in accordance with the current EC legislation, openly and accessibly.
- Minimization of collection. Information is collected strictly in the amount required to achieve the objectives of the collection.
- Reliability of information. Personal data is correct, and if any inaccuracies are detected, they are deleted.
- Targeted collection. Users' personal data is collected and used according to the purposes for which it was obtained.
The new GDPR regulation sets out a number of requirements for the Internet resources of organizations whose target audience includes citizens of EU countries.
The condition for the fulfillment of the rights of the owner of personal data
The regulation gives EU citizens a new right to ask a company about the use of their personal data, its nature, the degree of the user's anonymity on the site and the amount of information held, and to obtain documented confirmation. The company also states when and for what purposes personal data can be passed to third parties.
There will also be a new option to delete data: the owner will be able to apply for the destruction of all information about himself. Under the new rule, the data is destroyed in its entirety, ensuring complete anonymity of the user.
Notification of violations of the GDPR regulations
If personal data the organization has received is lost or stolen, its representatives are obliged to notify the relevant regulatory bodies within 72 hours. In some cases, the data owners themselves are also notified.
The obligation to transfer information to third-party companies at the request of the owner
This requirement is also introduced for the first time. It gives the subject of personal data the right to receive an electronic copy of the information held about him so that it can be transferred to a third-party organization. This innovation will save the data owner a significant amount of time and increase the level of transparency under the GDPR regulations.
Requesting the owner's consent to the use of data
The GDPR establishes strict rules for how organizations obtain consent for the collection and processing of personal data. The form to be filled out is specified, and the motives of the data owner must be clearly understood from its content. Any psychological or manipulative influence used to get a person to give such consent will be considered a violation. The organization should be able to quickly demonstrate evidence that consent was obtained.
Forms that knowingly mislead the site visitor and automatically filled fields are prohibited. In addition, when a resource is visited, the subject's consent to monitoring cannot be expressed by silence. The fact that consent to the processing of personal data has been given should be communicated to the data subject and recorded in a form that allows the controller to confirm it later.
Protection of personal data of children
Adolescents who use Internet resources are often not familiar with the rules for the use of personal data. The GDPR prescribes special conditions for obtaining consent from children 13-16 years of age. The consent form must also be filled in by the child's parents.
The presence of the person responsible for the privacy of users
Companies that perform large-scale monitoring of their audience are obliged to have a staff member who is responsible for the safety of users' personal data and who regulates the processes of its collection and processing.
Implementation of the GDPR
If the company's target audience includes persons residing in the countries of the European Union, the organization should conduct a comprehensive analysis of the measures and methods it uses to comply with the requirements of the GDPR regulations. If discrepancies with the new regulation are discovered, better strategies should be developed for data collection, processing and storage. A necessary step is modernizing the site: introducing new forms that clarify agreement with the data processing procedure, and adding sections with information on the methods used to analyze and store users' personal information.
In addition to work on Internet resources, it may be necessary to bring new employees into the company's staff to perform the work needed to ensure the privacy of users. The company should also maintain the relevant documentation, containing information on the personal data of users and on how that data is used.
The next step will be creating and improving the procedures for responding to user requests for information about their personal data, and for processing applications for the transfer and destruction of private customer data.
In the modern world, the issue of protecting personal data comes to the fore. The legislation of individual countries is toughening measures aimed at upholding the rights of users. The new GDPR regulation, in force from 05/25/2018, emphasizes the requirement of user anonymity. Complying with the rules of this regulation will allow organizations and companies around the world to obtain the right to operate on the territory of the EU countries and on the international digital market of the European Union. Compliance with the requirements for user privacy increases the level of trust of the target audience and helps protect both the client and the organization.