Remember what year our beloved Facebook was invented in? That's right, 2004. What if I told you the last update in the data privacy was made back in 1998? Feeling a little less secure all of sudden, aren't we? Unfortunately, the reality is our personal information is currently protected by a very out-dated act released 20 years ago, which doesn't take into account the Internet's growth that has happened since.
Gladly, GDPR (General Data Protection Regulation) is going to replace the old piece of a bill. It’ll protect and empower all EU citizens data privacy and reshape the way organizations across the region approach data privacy. If you haven’t heard about it yet, you’re probably wondering about all the what’s and how’s. Without further ado…
A good question, which I probably should have led with. Well…
Personal data refers to data which can be used to identify a living individual directly or indirectly. On the contrary, non-personal data describes information which is anonymous and can’t be used to track a person.
Examples of personal data your business might collect are:
Examples of non-personal data your business might collect are:
You can’t move forward unless you define how much of personal and non-personal data you handle as a business. Therefore, the first step to making your business compliant is running a rock-solid audit. It’ll help you uncover all data processors, which then you can question whether they are needed or not. After all, the entire compliance is about proper spring cleaning and being aware of personal data you store and why. There’s no harm in that, right?
When you discover a new piece of data, ask yourself the following questions:
Even though the audit sounds painful, it’s pretty much the most difficult and time-consuming part you’ll have to do on your way to becoming a better data protector (sounds like a superhero).
Make sure you answer the following questions:
Even though most of those companies are based outside of European Union, they must comply with GDPR rules when dealing with EU based businesses. There’s nothing you have to do your end and they’re most likely already compliant with the new legislation. If not, they’ll soon be. It’s kinda a big deal, you know.
Being a web agency we process a plentiful of customers’ data including login credentials. That’s why we take security very seriously and we do our best to keep everything away from unwanted hands.
GDPR helped us to re-visit our internal processes, improve the way we store the data and ensure its maximum security.
Things we’ve done:
I said we were quite serious about it. Plus, who would have wanted €20,000,000 penalty?
Originally published Mar 16, 2018 2:04:10 PM, updated October 22 2020.