Is Your Website GDPR Compliant? How to Prepare for the General Data Protection Regulation

The General Data Protection Regulation (GDPR) is an important new law in the field of data protection. It was developed by the European Union to strengthen individuals' rights over how their personal data is collected, used and stored. The law applies to enterprises and organisations in the EU, and also to those outside the EU that provide goods or services (paid or free) to people living in the EU or that monitor their behaviour. In effect, GDPR is the global standard for data protection.

So, what is personal data? Any data that can be used to directly or indirectly identify a living person is classified as personal data.
For example: name, address, email address, social security number, location data, IP address.

What is sensitive personal data? Sensitive personal data is a special category of personal data that must be handled with extra care. These include the following:

What rights do data subjects have under GDPR? As the ICO states, data subjects have the following rights over their personal data: to be informed, of access, to rectification, to erasure, to restrict processing, to data portability, to object, and rights relating to automated decision-making and profiling.

GDPR has a lot to say about data processing. This simply means any operation (collection, storage, modification, deletion, etc.) performed on personal data.
What does your business need to do to comply with GDPR?

1. Personal data audit: find out what personal data you process (more on this below).
2. Record your policies and procedures for processing personal data, and document everything. This is part of proving compliance. You need to plan what you will do about:
- Subject access requests: individuals can request access to, updates to, or deletion of their personal data. How will they be identified, and how will the request be fulfilled?
- Data security: detail what you are doing to keep personal data secure. This includes encryption, anonymisation and access control.
3. Breach notification: any personal data breach that could cause serious harm must be reported to the
4. Confirm the legal basis for every personal data processing activity. All processing of personal data must have a legal basis; the details are discussed later.
5. Consider appointing a DPO. The Data Protection Officer (DPO) is responsible for all data protection activities. A DPO can be appointed from inside or outside the organisation.

Understand the personal data your business collects. Ask:
- Whose data do you hold?
- What personal data is collected? Is any of it sensitive?
- What file formats are used?
- Where is it stored: locally, on web servers, in cloud storage?
- Do third parties process the data? Which ones? Where are they based?
- If the data was originally collected and stored within the EU, will it be sent outside the EU at any point? (Non-EU transfers are permitted only if the personal data is adequately protected. For transfers to the United States, the relevant framework is Privacy Shield.)
- How long is the data stored?
- Is it protected by any security measures?
- What did you tell data subjects about how their data would be kept and used when you collected it?
Personal data hides in many places! If you are like me, you use many tools. The places to search include:

Live websites, development and staging sites:
- WordPress plugins that collect and store personal information
- WordPress users, especially BuddyPress and bbPress installs
- Default WordPress comments or other commenting software
- WordPress e-commerce solutions
- Files: documents, spreadsheets, databases, PDFs

Storage and backups:
- Computers, portable drives, USB sticks, DVDs
- Online cloud storage: Dropbox, Google Drive, Amazon S3
- Intranet
- Email and email attachments
- CRM systems
- Email marketing software: MailChimp and others
- Social media:
For example, MailChimp runs a blog about its GDPR compliance process. Look for ways to minimise the collection of personal information by WordPress plugins that collect personal data. Adopt a privacy-by-design approach: do not build forms that ask for large amounts of data unless the purpose is clear. If you are a
Restrict access using WordPress user roles: for example, subscribers cannot view form data. Now let's look at a few specific plugins.

1. Akismet: I contacted the developers behind Akismet and asked them about the personal data it processes when checking WordPress comments. Chris from Automattic replied:

He continued:
2. Form plugins: review the form plugins you use, which store personal data in the WordPress database. Since personal data must not be kept beyond what is needed, it is ideal to delete entries when they are no longer required. The Gravity Forms Stop Entries plugin prevents Gravity Forms entries from being saved. Ninja Forms has a setting that does not save form submissions; it must be enabled for each form. Also make sure that no form automatically opts users into marketing messages through a pre-selected checkbox.
3. Print Friendly: the Print, PDF, Email plugin collects email addresses submitted by users. To protect personal data, the developer has made a clear commitment (see their statement on Print, PDF, Email personal data protection).
4. Giveaway plugins such as KingSumo offer prizes; participants are added to the email subscriber list.

What about cookies? Cookies are not covered by GDPR but by the ePrivacy Regulation. Its implementation date is meant to align with GDPR, but it is still in draft, so it may be postponed. ePrivacy distinguishes cookies served by your own domain from third-party cookies such as Google Analytics and some social sharing plugins. Browser settings may be usable as a form of user consent to third-party cookies, but this is something we need to keep watching.

Finding the legal basis for personal data processing: there are six lawful bases for processing personal data, and at least one must be met. Two of them will not apply to web operations: vital interests and public task. That leaves four:

1. Contract: processing that is necessary to perform a contract, such as collecting payment information from suppliers.
2. Legal obligation: for example, a UK business must keep records of expenses for five years after the 31 January deadline for submitting tax returns.
3. Consent: the core basis for most businesses. If no other legal basis applies, consent to the processing of personal data must be obtained. Consent must be:
- Freely given: nobody is deceived or forced into providing personal data.
- Explicit: if you also want to add a contact form's email address to a mailing list, you cannot use a pre-selected checkbox to opt the user in automatically.
- Specific and separate: if you have multiple processing purposes, you must obtain consent for each one. For the KingSumo plugin mentioned earlier, there should ideally be two checkboxes: "Yes, I want to enter the competition under the terms" and "Yes, I want to receive email marketing".
- Named: state the organisation name and any other parties processing the data.
- Withdrawable at any time: if someone wants to opt out later, you must allow it, and it should be easy to do.

You must record:
- who consented;
- when they consented;
- how they consented;
- what they were told about how their information would be used.

Does consent expire? Consent has no set duration; it depends on the circumstances.

What about existing consent? Many of us have an email list of subscribers who consented to marketing messages. If you can prove that the existing user data was obtained under terms equivalent to GDPR, you can keep it. The sure way to do this is to ask email subscribers again for permission to market to them. But be careful: Flybe and Honda were fined over this. Communicator has a table for handling existing email lists.

4. Legitimate interests: processing is allowed on the basis of legitimate business interests, provided the legitimate interests of individuals are not overridden. Using this basis means:
- Record an assessment of your interests and of the people affected.
- State in your privacy policy that you rely on legitimate interests as the legal condition for processing.
- Allow individuals to object to this type of processing.

For example, you might use a security plugin that logs visitors' IP addresses. After weighing the interests, you decide the data is collected on the basis of legitimate interests. You state clearly in your privacy policy that you collect the IP addresses of visitors to protect the website from hackers.
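To show how the consent rules above translate into something a site can actually enforce, here is an added Python example (not code from the original post or from any plugin it mentions). It keeps one record per purpose, refuses to treat a pre-selected checkbox as consent, supports withdrawal at any time, and stores the audit fields the post lists (who, when, how, what they were told, and which organisation). The purpose names, notice version and controller name are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

PURPOSES = ("competition_entry", "email_marketing")  # one ticked box each (constructed names)

@dataclass
class ConsentRecord:
    subject: str              # who consented (e.g. email address)
    purpose: str              # one purpose per record: specific and separate
    given_at: datetime        # when they consented
    method: str               # how, e.g. "web form: giveaway page"
    notice_version: str       # what they were told (privacy notice version)
    controller: str           # the named organisation processing the data
    withdrawn_at: Optional[datetime] = None

class ConsentLedger:
    def __init__(self, controller: str):
        self.controller = controller
        self.records: List[ConsentRecord] = []

    def record_submission(self, subject, ticked: Dict[str, bool],
                          prechecked: Dict[str, bool], method, notice_version):
        """Store one consent per purpose the user actively ticked; a box that
        was pre-selected in the form is not freely given, so it is rejected."""
        stored, rejected = [], []
        for purpose in PURPOSES:
            if not ticked.get(purpose):
                continue
            if prechecked.get(purpose):
                rejected.append(purpose)
                continue
            self.records.append(ConsentRecord(subject, purpose, datetime.now(timezone.utc),
                                              method, notice_version, self.controller))
            stored.append(purpose)
        return stored, rejected

    def withdraw(self, subject, purpose) -> bool:
        """Opting out later must always be possible; True if a live consent was closed."""
        changed = False
        for r in self.records:
            if r.subject == subject and r.purpose == purpose and r.withdrawn_at is None:
                r.withdrawn_at = datetime.now(timezone.utc)
                changed = True
        return changed

    def may_process(self, subject, purpose) -> bool:
        """True only while an active (not withdrawn) consent exists for this purpose."""
        return any(r.subject == subject and r.purpose == purpose
                   and r.withdrawn_at is None for r in self.records)
```

In practice the ledger would be persisted (a database table or a log you can produce on request), since proving consent later is the whole point of recording it.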
What's next? Once the audit is complete and the legal basis for each processing activity is confirmed:
- If personal data is no longer required, delete it. Wetherspoons, a British pub chain, recently decided to delete its entire customer email database: "We don't think we even need to hold email addresses for our customers." The less customer information you hold, the less risk it carries.
- Carry out a risk assessment on the remaining personal data: identify high-risk data and take protective measures.
- Conduct a privacy impact assessment on future or past projects that involve collecting personal data.

In short, GDPR is hard to understand and comply with, but this is what we can do, and higher data protection standards are good for all of us. Let's get ready.

Resources:
- Data Protection Network
- ICO: Data protection reform
- General Data Protection Regulation: a guide to the GDPR from the Isle of Man Information Commissioner
- Virtual session: GDPR without the hype
- GDPR: how to create best-practice privacy notices (with examples)
- When and how to carry out a privacy impact assessment

What steps will you take to comply with GDPR? Do you know what kind of information you collect from your site visitors? How much work do you think your site needs to comply with GDPR? Please share your thoughts in the comments below.

Labels: data protection, security
