GDPR Data Protection Compliance Checklist 2018

There has been a debate about user data privacy since long. The debate received fuel from Facebook publicly accepted the user data theft scandal. Meanwhile, the EU, in its new efforts to protect personal data, brought GDPR. Let’s understand.

What is GDPR Compliance?

Businesses world across take measures but seems proven inadequate. Therefore, in order to protect the privacy of the data, the European Union has introduced a new regulation called the General Data Protection Regulation or GDPR.

All those businesses are abiding by GDPR regulation to protect the personal data and safeguard the privacy of the EU citizens during any transaction that happens within EU nations.

The regulations are so strict that companies may end up paying huge fines for non-compliance.
Each company that collects or processes the personal data of the EU citizens will have to comply with this new regulation by May 25, 2018.

Why Does GDPR Exist?

EU has been conscious about how personal data are used. Therefore, even before the Internet became the main communication tool, the EU established the rules under Data Protection Directives. The GDPR is going to replace the old DPD.

Due to disquieting evidence of data theft, 76% of EU citizens have raised concerns over privacy. Lake of trust in how companies use personal data, the EU found it fit case to improve the terms of DPD by replacing with new GDPR regulation.

GDPR  Requirements

There are 9 different GDPR compliance requirements that each company should meet to collect, store, and process data of EU citizens.

• Awareness:  The decision-makers at the company must be aware of GDPR, it impacts, and procedure of compliance.
• Training: Under GDPR each company should have well-trained Data Protection Officer.
• Report: Companies are compelled to report data breaches to specific government agencies.
• Sharing: Companies must be aware of where it’s data is shared and with whom.
• Impart: Companies under GDPR will require sharing more info about the use of personal data to users.
• Ensure: Each business is to ensure that data collection procedure protects the individual rights.
• Respond: Companies should respond quickly to citizens requesting details quickly.
• Consent: GDPR eliminates Pre ticking and broadens the definition of consent from citizens.
• Children: Businesses can’t use children data randomly. In fact, companies must obtain a guardian’s consent.

Personal data audit will help you to identify all of your data processors. List them all with either a 1 or a 3 to help you track which are first and which are third party data processors.

GDPR Website Compliance

In the 21st century, as technology grows and Internet spreads, personal data of users need more protection. Especially, the company websites, which collects innumerable personal data much, undergo the process of having their website in line with GDPR. So how would you achieve GDPR website compliance?

Well, there are 3 questions you should ask yourself as a business before starting the website audit.

• For what are you using the data?
• Where is the data being stored?
• Do you still need the data?

Once you have answers to these data, follow the guideline to ensure your website complies with new GDPR Checklist.

GDPR Compliance Checklist:

• Active opt-in: The default opt-in check-boxes have to be either empty or ‘No’, instead of ‘Yes’. No pre-selected tick marks are allowed.
• Unbundled opt-in: All the consent should obtain separately. The website must seek separate consent for the privacy policy, consent for the newsletter, email or consent for a contact number.
• Granular opt-in: For all communication details, the user should be able to provide separate consent. There should be separate consent for email id as well as mobile number.
• Consent Withdrawal: The website must provide means to the user can withdraw his or her consent for anything.
• Separate Parties: The website shouldn’t bundle the party and for each party, there should be a separate tick mark box.
• Notification: The user must immediately be informed about new privacy policy and terms or all the changes that are made in these documents.
• Online Payments: Websites passing payment detail to gateway companies must inform if payment data are store after providing to payment gateway companies and modify process accordingly.
• Third-Party Tracking: Companies must ensure that their business partners and associates follow GDPR before storing or processing data from your website.
• Google Analytics: Although Google Analytics does not collect or store personal data, Google is considering the changes to comply with GDPR.
• Existing Data: The data stored before GDPR compliance came into effect should also examine to follow the GDPR guidelines.
• Encrypted Connection: Cyber Security of the data was never so rigorously inspect. Companies must use the SSL Certificate and transmit data over encrypted connection only.

Cons. 

It is in the interest of the businesses to fall in GDPR line to safeguard the user data and to protect themselves from any consequences of non-compliance.

For websites with GDPR compliance and want to run an audit, contact our team at info@codecaste.com and our representative would get in touch with you.

We would be glad to Assist You.