We do a lot of stuff online today through various websites, may it be buying groceries or clothes, paying bills or sending documents that involve our personal details without a second thought. Why? Because it's fast and easy I grant you that, but is it safe in terms of privacy?
The internet is not what it was before. It has been changing rapidly and so are its terms and conditions. One thing we have never been certain of is how safe the data we share online on various websites is!
Data policies regarding privacy have been changing and one such major change is a new law GDPR that came into effect from 25th May 2018.
We are already aware that almost all companies collect personal data from their users. Almost all websites today need some basic cookies to function properly. Some of these cookies store information about the user. What are the cookies you ask? They are small text files that store information about the visitors and are set on the website. These cookies also perform many other functions, like recognizing the user, targeting advertisements, etc.
According to GDPR, all websites should give the users the right to know what data is collected from them voluntarily or otherwise, why some of their data is asked for and how it is processed within the website. It will make sure any company in the European Union or those who do business with the EU comply with GDPR rules.
In case you are running any kind of business which involves holding onto personal information from the customers, the newly introduced GDPR laws are very likely to affect your business. Store owners collect a lot of data from customers like name, email address, telephone numbers, order history, IP address and a lot more.
But how many websites are there that really state it out there why do they need all this data for? What are the cookies that are set on the website and what is their purpose?
With GDPR rules in effect, you get the answers to these question. It is important that the websites tell their users how their data is being used. Ask the user’s consent before any cookies, third-party or otherwise are set on the website or data is collected in any other form. GDPR ensures that users get their rights.
Under GDPR the users get the following rights:
To Access Their Data
Users must be able to request to get access to the personal information they shared on the website. The owners must provide them with a copy of the personal information. They can also ask how and what the data is being used for by the organization.
To Be Forgotten
If the users want to withdraw from their consent provided before or no longer wish to be customers the organization must delete all their data that was saved.
To Transfer Data
Under this right, the users can transfer data from one service to another. The website must honor this right of the user and let them do so.
To Be Informed
Any organizations collecting any type of data from the users of their website must inform them first. Only when the users opt-in and freely give their consent should data be gathered from them.
To Be Able To Edit and Correct Data
The users have the right to update, correct or change their data if it is incorrect, incomplete or outdated. The website must allow the users to do the same when they request it.
To Be Able To Restrict Processing
Users must be able to decline the usage or processing of their personal data on the website if they intend to do so. The data can remain in the records and still not be used.
To Be Able To Object
This is similar to the right of users to restrict processing. All users can object to the usage of their personal information in various circumstances, especially in the case of direct marketing. As soon as such a request is received any ongoing processing will be withheld and the user’s data won’t be used anywhere. This right is to be made clear to the users before any collection of data is subjected.
With these rights, GDPR is giving users and customers more power over their data compared to the organization or store owners who are managing it.
Why is it important to follow GDPR?
GDPR is imposed on any organization that serves the citizens of the EU. The rules of GDPR are to be followed thoroughly.
- Without acquiring the fully accepted and freely given consent of the user, the personal information of the user should not be accessed, collected or used in any manner.
- Users must have access to their personal information shared and be able to edit, delete and review it.
- The data shared by the user must be recorded in a safe place and proper protection and security must be given to it.
- The privacy policies must be explained in simple and clear language to the users.
It is mandatory to follow all GDPR rules and give users the rights they are worthy of, non-compliance of which can lead to fines and penalties. There are two types of penalties that you can be compiled to:
- Up to €10 million, or 2% annual global turnover – whichever is higher.
- Up to €20 million, or 4% annual global turnover – whichever is higher.
To know more about these refer to this article on What are the Fines for Not Complying with GDPR.
How Much of an Impact Does GDPR Have on Businesses?
GDPR's policies easily manage to give the users the throne and make organizations and website owners comply with the rules set by it. This means all business including online ones needs to become more transparent about the user data that they collect.
The database of customers needs to be up-to-date. The users must be able to make changes and edit their information. Any changes made should be notified to the users.
The website should comply with the wishes of the customers even if they wish to opt-in and opt-out within minutes by providing them with such n option. This could turn into a task for many websites.
With GDPR in effect and the policies of data collection explained, only those who are genuinely interested in the website and the products will opt in, thus making it more of an opportunity for the website to find reliable customers.
More than customized experience and good looking websites, what customers really care most for is their privacy.
Wrapping up, GDPR regulation is indeed a challenge for even companies like Google and Facebook. But neither can we deny the fact that it makes your business much more trustworthy to users if you ensure the safety of their data.