Web Policies in Europe: GDPR Compliance
The reason that the EU Parliament decided to make drastic changes to data protection policies was to protect sensitive and private information shared on the web and through other electronic forms of contact. There have been cases adjudicated by the European Court of Justice (ECJ) when vendors have failed to provide adequate protection to their customers. Some of these cases have involved the loss of sensitive information, unclear cookies policies, ambiguous notices, and failure to comply with retention provisions.
The General Data Protection Regulation (GDPR) harmonizes data privacy provisions in all European countries.
Key Changes for GDPR-compliance:
The biggest change for GDPR has been the requirement for companies to comply with these provisions even when they are located outside of the European Union (EU). Essentially, GDPR provisions apply to all companies processing the personal data of EU residents. This means that if your company is located in Canada or the United States, and your customers are located anywhere in Europe, you must comply with all GDPR regulations.
As the penalties for non-compliance are quite high (i.e. €20 million or 4% of your annual turnover, whichever is greater), it is important to ensure that your company is protected.
Steps you should take to ensure compliance:
• Ensure that you have designated a “data processor” or “data controller” for your company, and that these roles are clearly indicated in your online policy. A data processor is responsible for processing the personal data of customers on behalf of a data controller. A data controller is responsible for the “who”, “what”, “where” and “when” of personal data. A policy clearly lays out who controls the company’s processing of data, what provisions the company uses to store the data, where data and personal information are stored (on a cloud, in another country, etc.), and when data is destroyed or retained for extended periods.
• Consent on how personal information is obtained
• Consent on how personal information is shared
• The rights of customers and clients to access their data
• Retention periods for data
• Legal basis for company actions relating to data protection and privacy.
Amongst the key points on GDPR compliance, companies are no longer permitted to draft policies written in legalese or complex language. Policies must be clear, concise, and easy to understand.
If you’re a corporation requiring an update to your online policies, get in touch with us today by emailing us at firstname.lastname@example.org or giving us a call at 1-800-930-9986. Not only does correctly complying with GDPR regulations leave you with peace of mind, but it also saves you from needless penalties and the mismanagement of customer information.