Page 50 - Payout Magazine Online Volume 8.9
How the European Data Protection Regulation Will Affect Your Business

On the 25th of May 2018, the introduction of the European General Data Protection Regulation (GDPR) changed online business forever.

The new regulations made sweeping changes to how a business can use and store the data it collects from website visitors. It's great news for the average user, as their data can no longer be used without consent, but businesses sometimes have to jump through quite a few hoops to be considered GDPR compliant, or they risk hefty fines.

Naturally, businesses which used trickery and deceit to obtain data and use it for profit without the user's knowledge or consent will be the hardest hit. Pre-ticked consent boxes are no longer acceptable, with the new regulations requiring action from the user to make the permission legitimate.

Most reputable, trustworthy organizations will have no trouble achieving compliance, but they will still have to adjust their practices on how they collect and deal with visitors' data.

Practices to Avoid

• Ambiguous Text

You are required to clearly explain the consequences of consent in a language your visitor will understand. Hiding bad practices behind hundreds of lines of confusing privacy policies and terms of use has never been appropriate, but the GDPR means continuing this practice could seriously hurt your company financially.

Use clear, simple language explaining what will happen to the user's data after they give consent, and put it right next to the dialogue box; don't keep it hidden behind a link.

An interesting side note relates to how much time a person would need to read and understand the privacy policy of every website they visit. Lorrie Cranor, a professor at Carnegie Mellon, puts the number at an astonishing six work weeks per year, or 201 hours. *[1]

• Blanket Consent

Before the GDPR, consent forms could provide blanket coverage for how the organization used the collected data. Post-GDPR, however, consent must be specific and limited to the practices described during the consent process.

All visitors providing consent must be clearly informed as to the uses you have planned for their data, which does not include a blanket statement saying you will use the data in whatever manner you see fit.

• No More Secrets

You must answer any queries a user makes about how you are using their data because they have a right to know.

Users now also have the power to request that you delete their data should they so wish. You must delete all data you have on file and cease all subsequent processing. The only exceptions are when the data is required for the performance of a contract or a law.

Furthermore, if a user has concerns about how well your organization has handled their request, they can escalate it via an appeal to the local supervisory authority, which may then proceed with an investigation.

To avoid this compromising position, make sure you keep detailed records of all your processing activities and your communications with individuals, so you can present them in your defense when needed.

• Adults Only

Websites containing adult content must display some form of verification mechanism