What is EU’s GDPR Law?

11/06/2018 | Blog

The European Union’s (EU) General Data Protection Regulation (GDPR) comes into effect on 25th May 2018. The GDPR applies to all organizations that process, store or use the personal data of EU citizens.

Highlights of the law:

  • The right of the user to be informed of what personal data a company holds
  • Control over personal data, and over how it is used, is returned to the individual
  • The definition of personal data is expanded to include IP addresses, cookie identifiers and GPS locations
  • Personally identifiable information must be deleted on request

This legislation covers all aspects of data privacy rights, data security, data control and governance.

How will it affect the UAE?

The law is EU legislation; however, an organization with no operations in the EU must still comply if it employs EU citizens or has customers, members or suppliers who are EU citizens.

How will it affect your business?

Any organization that holds data of EU citizens or residents must be able to secure, identify, use and delete personal information as and when required to do so. Following the GDPR and making it a routine practice will also give organizations a better data management mechanism. Organizations will have to find better methods to prevent security breaches.

How to make your Website GDPR ready?

Organizations in the UAE must start putting a robust plan in place, as one cannot become GDPR compliant overnight.

Steps to ensure Data Control:

  1. Access data: the first and foremost step is to access all the data collected, directly or through analytics. This includes traditional data, whether structured or unstructured. This helps to evaluate your privacy risk exposure.
  2. Identify: inspect what personal data is being collected by you directly or through your website. Check page URLs to ensure no PII is being captured in them. Address this at code level so that such data is never sent to analytics.
  3. Audit: audit your collection of pseudonymous identifiers such as user IDs, email addresses and transaction IDs.
    1. User ID: it should be an alphanumeric identifier
    2. Transaction ID: when linked to another data source it can lead to the PII of an individual, so this ID too must be an alphanumeric database identifier
  4. Update your privacy policy:

The privacy policy must be clear and understandable to an ordinary individual. Questions to consider before drafting a privacy policy are:

    1. What information is being collected?
    2. Who is collecting it?
    3. How is it collected?
    4. Why is it being collected?
    5. How will it be used?
    6. Who will it be shared with?
    7. How will it affect the user?
  5. Allow an opt-in or opt-out feature:

If you collect user IDs or the other pseudonymous identifiers mentioned above, you must obtain consent from users. You must offer the user the ability to opt out of tracking before the analytics code executes.
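The two code-level controls that steps 2 and 5 call for, stripping PII from page URLs before they reach analytics and withholding analytics until the user has opted in, can be implemented client-side as shown below. This is an added example written for this article, not code from the original post or from any analytics vendor. The list of PII-bearing parameter names and the email/phone patterns are constructed heuristics (assumptions, tune them to your site), and `send` stands in for whatever transport your analytics library uses.

```javascript
// Added example (not from the original article): redact PII from a page URL
// before it is reported to analytics, and gate all reporting on consent.

// Query-parameter names that commonly carry personal data. Constructed list;
// an assumption to be adapted to the forms and links a given site actually uses.
const PII_PARAM_NAMES = new Set(['email', 'e', 'name', 'phone', 'tel', 'address', 'dob']);
// Value-shape heuristics: an email address, or a phone-like run of digits.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
const PHONE_RE = /^\+?\d[\d\s().-]{6,}\d$/;

function looksLikePII(name, value) {
  return PII_PARAM_NAMES.has(name.toLowerCase())
    || EMAIL_RE.test(value)
    || PHONE_RE.test(value);
}

// Returns { url, redacted }: the URL with PII parameters and email-like path
// segments replaced by "REDACTED", the fragment dropped, and a list of what was removed.
function scrubUrl(pageUrl) {
  const url = new URL(pageUrl);
  const redacted = [];
  // Iterate over a copy so that set() during the loop is safe.
  for (const [name, value] of [...url.searchParams.entries()]) {
    if (looksLikePII(name, value)) {
      url.searchParams.set(name, 'REDACTED');
      redacted.push(name);
    }
  }
  // Email addresses sometimes end up in path segments (e.g. /u/<email>/...).
  const segments = url.pathname.split('/').map((seg) => {
    let decoded = seg;
    try { decoded = decodeURIComponent(seg); } catch (_) { /* malformed %xx: keep raw */ }
    if (EMAIL_RE.test(decoded)) { redacted.push('path'); return 'REDACTED'; }
    return seg;
  });
  url.pathname = segments.join('/');
  // Fragments are never needed for page-view analytics and may carry tokens.
  url.hash = '';
  return { url: url.toString(), redacted };
}

// Consent-gated reporter. Nothing is handed to `send` until consent is 'granted';
// events raised while consent is still 'unknown' are held locally, and a 'denied'
// decision discards them, so no data leaves the browser before an opt-in.
function createAnalyticsGate(send) {
  let consent = 'unknown';
  const pending = [];
  return {
    setConsent(state) {
      consent = state;
      if (state === 'granted') {
        while (pending.length) send(pending.shift());
      } else if (state === 'denied') {
        pending.length = 0;
      }
    },
    pageView(pageUrl) {
      const event = { type: 'pageview', url: scrubUrl(pageUrl).url };
      if (consent === 'granted') send(event);
      else if (consent === 'unknown') pending.push(event);
      // consent === 'denied': drop silently
      return event;
    },
    pendingCount() { return pending.length; },
  };
}

// Demo with constructed URLs.
console.log(scrubUrl('https://shop.example/account?email=jane%40example.com&order=1234'));
console.log(scrubUrl('https://shop.example/u/john.doe@example.com/orders?ref=abc#token=xyz'));
```

The phone heuristic deliberately errs on the side of redaction, so a long purely numeric order or session number will also be masked; that is the safer failure mode for analytics data. Wire `setConsent` to your consent banner and make sure the analytics loader itself is only invoked after `'granted'`, since a script that has already run may have sent data before the gate is consulted.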

Penalties:

The penalty for GDPR non-compliance is €20 million or 4% of yearly global revenue, whichever is higher.
