Know what makes your business compliant with the new GDPR law on May 25, 2018
GDPR enforcement and fines
Digital data security is the hottest topic worldwide. With the General Data Protection Regulation (GDPR) due to be rolled out on May 25, 2018, all multinational businesses urgently need to become compliant. Steep fines of up to 20 million Euros may be levied for regulatory non-compliance.
Companies affected by GDPR
GDPR can affect companies that have a presence in the European Union (EU), process data of European residents, have more than 250 employees, or have fewer than 250 employees but carry out data processing that impacts the rights of data subjects. According to a PwC survey, 92% of US companies have made GDPR their top data protection priority.
Data protected by GDPR
GDPR is designed to protect basic identity information; web data such as location, IP address and cookie data; health, biometric and racial/ethnic data; sexual orientation; and political opinions.
GDPR for Drupal
Drupal.org has already released a module that helps make your Drupal site GDPR compliant. However, this module only provides the tools; it doesn’t guarantee that the site becomes GDPR compliant.
GDPR Checklist
- Ensure that your technical security is up to date. This will prevent hackers from exploiting data.
- Provide a place on the website where customers can easily request access to their personal information.
- Provide a place on the website where customers can easily update their personal data to keep it accurate.
- Provide a place on the website where customers can easily request deletion of their personal data.
- Whenever the website requires user data, get consent when you start processing a person's data.
- Whenever a user requests age-restricted content, verify their age and ask for consent.
- Any data breach involving user data should be reported to the local authority and to the site's users.
- The privacy policy should include a lawful basis explaining why the firm needs to process user information.
- Whenever the privacy policy is updated, existing customers should be informed.
- The website should have a publicly accessible privacy policy.