The On May 25, 2018, the new GDPR law (General Data Protection Regulation), and less than a month after its arrival, we have already been able to verify how it has generated multiple and important changes in the day to day of companies, especially in those that operate through the Internet.
This new GDPR regulation
replaces the LOPD
(Organic Law on Data Protection), and comes to try to regulate the data protection of citizens belonging to the European Union.
A law thataffects all those companies regardless of their activity or place of origin, that work with data of natural persons of the European Union.
From AYCE Laborytax, aware of the controversy generated by the arrival of the new General Data Protection Regulation, we have prepared a post as a guide in which we are going to show you
how to apply the new GDPR law on your website,
and so on avoid the millionaire sanctions that those companies that do not adapt to the new regulation will face.
Main sanctions for the lack of application of the new GDPR Law
We recommend that, if you have not yet adapted your website to the new GDPR, do not let it pass,since otherwise you could face significant and expensive penalties.
The European Union has taken this point very seriously. It has reported that the sanctions to companies that do not ae take advantage of this new regulation, could reach up to 20 million euros, or the equivalent of 4% of the total volume of business,applying the amount that was higher in each case.
A strong hardening, if we take into account that with the current LOPD the sanctions ranged from 900 to 600,000 euros.
In addition to the financial penalty, the lack of application of the new GDPR law could put at risk the trust and credibility of our customers.
With all these threats, it is not surprising the enormous concern that exists in companies regarding this regulation.
Keys to adapt your website to the new GDPR regulations
Right to information
How is the information collected?
If you have an official website of your company, the first thing you must do is update the forms,complying with the requirements set by the RGPD:
- Users should know what information the form will collect about them, what it will be collected for and who will treat it.
- You must inform about the obligatory or non-obligatory nature of giving an answer,as well as what will happen in each case.
- You will have to make clear the rights that users have:access, rectification, cancellation and opposition; but also, portability and forgetfulness.
In addition to offering users all this information, it is essential that the following points are exposed in a clear way to ensure the understanding of users:
- Contact details of the Data Protection Officer or Data Protection Officer.
- Legal basis or legitimacy for the treatment.
- Term or criteria for the conservation of the information.
- Existence of automated decisions.
- Right to make a claim before the Control Authorities.
Finally, in the event that the data has not been obtained directly by the user himself, it will be essential to inform the origin and category of the data.
When should you report that you are collecting data?
The
new GDPR law
states that, when requesting data from users, they must be informed in advance of this.
We recommend that everything is perfectly documented,in order to guarantee in the future that the obligation to inform has been carried out.
Where to report data collection?
The mode of information to users must be adapted according to the means used to carry out the collection or recording of data.
The most common way to inform users is to include all the informative elements in the footer or footer of the web, inorder to guarantee that they can be accessed from anywhere.
Rights of users against the collection of data
The old LOPD contemplated access, rectification, cancellation and opposition as the rights of users against the collection of data. Rights that have increased with the new GDPR.
- Limitation of processing.
- Right to be forgotten.
- Portability.
Consent
Until now it was common that, when sending the company’s privacy policy to our users, we did so with the consent box already checked.
With the new General Data Protection Regulation changes radically,since it is important to pre-check the box of “no consent”,so that there is no doubt that the user has accepted the collection of their data, for the purposes that we have indicated in the privacy policy.
Elaboration of the Privacy Policy
It is essential that the Privacy Policy is prepared in a clear and transparent way,to ensure that users have understood everything we indicate in it.
In fact, the European Commission has already started working to include a number of mandatory icons in the Privacy Policy.
conclusion
In short, you must
comply with the new GDPR Law
on your company’s website as soon as possible, in order to avoid millionaire penalties, increase the trust of your customers, gain agility when responding to possible incidents, and improve both your reputation and your credibility.
If you still have any
questions,
contact our professional advisors and we will take care of offering you all the information you need.
