Are you GDPR-ready? Update your Terms & Conditions and Privacy Policies today!
The European Commission recently enforced the new General Data Protection Regulation (GDPR) over the European Union and the European Economic Area. It supersedes the Data Protection Directive, strengthening data protection and enhancing the rights of citizens by reforming privacy policies and implementing strict compliance with data protection.
Over the past couple of weeks, major corporations such as Google, Facebook, Instagram and more have been sending updates on Terms and Conditions asking users to read their Privacy Policies and update their security settings. As Data Gatherers, Data Controllers and Data Processors operating under the EU, these companies fall under the regulations set by the EU to strengthen data protection through heightened privacy policies.
What is GDPR and how does it affect you?
If your business operates inside the European Economic Area (EEA), or if you have customers coming from the European Union, applying the rules and regulations of the GDPR is a must! GDPR aims to strengthen data protection by giving customers control over how their data is used by companies that gather, control, and process it. Simply put, GDPR is about transparency and user consent, giving the power back to the user. Under the GDPR, businesses are required to provide clear instructions on how they are going to use and share your data through their Terms & Conditions and Privacy Policies. Users may give or refuse consent to having their information used by third parties or for other purposes, including marketing and promotions.
- Clear Language – Privacy policies are to use clear and straightforward language so that the reader understands why their personal information is needed and what happens to it afterwards.
- Consent from User – An affirmative consent, be it in the form of ticking a box or providing other options to limit where a user’s data can be used, should be clearly available and easily understood.
- More Transparency – Users should be informed and should have the option to refuse when their data is to be transferred outside the EU or otherwise stipulated in the form that the user has given consent to.
- Stronger Rights – Users should be informed in the event of a data breach, and they should be able to request to transfer or delete their data when appropriate.
- Stronger Enforcement – The European Data Protection Board shall oversee the implementation of GDPR to strengthen data privacy and protect user rights.
What must your company do?
Protect Data, to Protect your Business. Here are some reminders of what companies must do to strengthen data protection and enhance user rights.
- Terms & Conditions – Amend your terms to ensure that they are in compliance with GDPR, i.e. clearly inform users of how their personal information will be used.
- Data Protection Officer – Assign a Data Protection Officer who shall not only check that guidelines from GDPR are followed, but also ensure that data protection and user rights are upheld at all times.
- Have a Record – Keep track of whether users want their data to be shared and to what extent it may be used.
- Notification – Notify your users in case of a breach of data and if ever their personal information is to be shared outside the purpose they’ve given their consent to.
Companies that fail to comply with GDPR may be issued a formal letter by the European Commission, warning the company of their status and giving them the chance to amend their Terms & Conditions, and Privacy Policies. In the event of complete infringement of GDPR, the European Commission can sanction the company through a reprimand or a temporary ban on processing in the EU, leading up to a fine of up to €20 million or 4% of the business’ total annual worldwide turnover.
How we can help you
At Bureauserv, we can help existing clients and new clients to amend the Terms & Conditions and Privacy Policies on their websites using the latest version of WordPress. As an online platform for web content management, WordPress has upgraded to version 4.9.6 in response to the GDPR and in favour of strengthening data protection. It now features new tools such as the option to export and erase personal data, have your comments anonymously published, and many more.
Aside from WordPress, the tools we use for all our outsource services, particularly in Accounting & Bookkeeping, Customer Service & Sales, Virtual Assistance, and Digital Marketing, have all updated their Terms & Conditions and Privacy Policies to comply with GDPR. Rest assured that with Bureauserv, you aren’t breaching any GDPR laws; instead, we promote data protection and the strengthening of user rights.