Disclaimer: This blog has been created for bloggers and site owners to understand GDPR easily. We are not lawyers and we take no responsibility for the advice provided. It is entirely your responsibility to be aware and fully compliant with regulations.
What is GDPR
GDPR stands for General Data Protection Regulation. GDPR is a data protection law that governs how companies operating in Europe handle the personal information of their customers. GDPR comes into effect across the European Union on 25th May 2018 and affects many businesses that operate directly or indirectly in the EU. Companies providing services in the EU without GDPR compliance face fines. The maximum fine for non-compliance is 20 million Euro or 4% of the company's annual revenue.
User’s Rights under GDPR
GDPR states that if a website collects or stores data related to an EU citizen, then the website must comply with the following rules:

| Rule | What the website must do |
| --- | --- |
| Consent | Companies must get clear consent from users before collecting their data. |
| Communication | Users must be informed what data the website is collecting and storing, and how long it will be stored. |
| Access and Portability | Users must have access to edit/delete their data. |
| Warnings | Users must be informed if data breaches occur. |
| Marketing | Give people the right to opt out of direct marketing that uses their data. |
| Children's data | If you are collecting data from children under 16, you must get parental consent. |
Companies under GDPR
Under GDPR, companies are broadly classified as follows:
- Data controllers: companies that determine the purposes and means of the processing of personal data. As a site owner, you are the data controller.
- Data processors: companies that process personal data on behalf of, and on the instructions of, the controller. Companies like NotifyVisitors are data processors.
The GDPR affects only companies that collect, store, and process ‘personal data’ of users in the EU. A user's personal data includes name, address, location, online identifiers, health information, income, cultural profile and more.
Any company that stores or processes personal information about EU citizens within EU states must comply with the GDPR, even if they do not have a business presence within the EU. Specific criteria for companies required to comply are:
- A presence in an EU country.
- No presence in the EU, but it processes the personal data of European residents.
- More than 250 employees.
- Fewer than 250 employees but its data-processing impacts the rights and freedoms of data subjects, is not occasional or includes certain types of sensitive personal data.
The cost of non-compliance
The maximum fine for non-compliance with GDPR is 20 million Euro or 4% of annual revenue.
According to the European Commission, the enforcement process for non-compliance is as follows:
If your website is not fully compliant with GDPR, the first stage of the process is a “warning”, followed by the steps shown in the image above.