GDPR for your website
The EU GDPR (General Data Protection Regulation (EU) 2016/679) was created to give people in the EU real control over their personal data and to harmonise how the processing of personal data is regulated across the EU. Control over personal data is no longer meant to rest with the companies and government agencies that hold it, but with the data subjects themselves. The regulation has applied since 25 May 2018.
The GDPR applies to any organisation that stores or uses the personal data of people in the EU, whether or not the organisation itself is established in the EU: an organisation outside the EU is covered when it offers goods or services to people in the EU or monitors their behaviour.
In short, no matter where you are, if you sell goods or services to people in the EU, track them (for example with analytics cookies), or otherwise process their personal data, you must comply with the GDPR.
The "to do" list
- Map the entire flow of personal data through your website and systems (what you collect, where it is stored, who it is shared with) and assess how well each step is protected.
- When transferring personal data outside the EU/EEA, make sure there is a legal basis for the transfer (for example an adequacy decision or standard contractual clauses).
- Conduct a risk assessment of your processing and review both your internal and your public-facing data protection policies.
- Review how you obtain consent to the processing of personal data, and review your agreements with the controllers or processors you work with, including how they engage their own subcontractors (sub-processors).
- Prepare the written documentation the regulation requires, such as records of processing activities.
- Implement data protection by design and by default, so that confidentiality and security are built in rather than added later.
- Determine whether you need to appoint a DPO (Data Protection Officer, the person responsible for overseeing personal data protection).
- Introduce internal GDPR compliance training for the staff who handle personal data.
- Establish accounting and control procedures, and an incident response plan with clear rules and step-by-step instructions; keep in mind that a personal data breach must, where notification is required, be reported to the supervisory authority within 72 hours of becoming aware of it.