The On May 25, 2018, the new GDPR law (General Data Protection Regulation), and less than a month after its arrival, we have already been able to verify how it has generated multiple and important changes in the day to day of companies, especially in those that operate through the Internet.
This new GDPR regulation
replaces the LOPD
(Organic Law on Data Protection), and comes to try to regulate the data protection of citizens belonging to the European Union.
A law thataffects all those companies regardless of their activity or place of origin, that work with data of natural persons of the European Union.
From AYCE Laborytax, aware of the controversy generated by the arrival of the new General Data Protection Regulation, we have prepared a post as a guide in which we are going to show you
how to apply the new GDPR law on your website,
and so on avoid the millionaire sanctions that those companies that do not adapt to the new regulation will face.
Main sanctions for the lack of application of the new GDPR Law
We recommend that, if you have not yet adapted your website to the new GDPR, do not let it pass,since otherwise you could face significant and expensive penalties.
The European Union has taken this point very seriously. It has reported that the sanctions to companies that do not ae take advantage of this new regulation, could reach up to 20 million euros, or the equivalent of 4% of the total volume of business,applying the amount that was higher in each case.
A strong hardening, if we take into account that with the current LOPD the sanctions ranged from 900 to 600,000 euros.
In addition to the financial penalty, the lack of application of the new GDPR law could put at risk the trust and credibility of our customers.
With all these threats, it is not surprising the enormous concern that exists in companies regarding this regulation.
Keys to adapt your website to the new GDPR regulations
Right to information
How is the information collected?
If you have an official website of your company, the first thing you must do is update the forms,complying with the requirements set by the RGPD:
- Users should know what information the form will collect about them, what it will be collected for and who will treat it.
- You must inform about the obligatory or non-obligatory nature of giving an answer,as well as what will happen in each case.
- You will have to make clear the rights that users have:access, rectification, cancellation and opposition; but also, portability and forgetfulness.
In addition to offering users all this information, it is essential that the following points are exposed in a clear way to ensure the understanding of users:
- Contact details of the Data Protection Officer or Data Protection Officer.
- Legal basis or legitimacy for the treatment.
- Term or criteria for the conservation of the information.
- Existence of automated decisions.
- Right to make a claim before the Control Authorities.
Finally, in the event that the data has not been obtained directly by the user himself, it will be essential to inform the origin and category of the data.
When should you report that you are collecting data?
new GDPR law
states that, when requesting data from users, they must be informed in advance of this.
We recommend that everything is perfectly documented,in order to guarantee in the future that the obligation to inform has been carried out.
Where to report data collection?
The mode of information to users must be adapted according to the means used to carry out the collection or recording of data.
The most common way to inform users is to include all the informative elements in the footer or footer of the web, inorder to guarantee that they can be accessed from anywhere.
Rights of users against the collection of data
The old LOPD contemplated access, rectification, cancellation and opposition as the rights of users against the collection of data. Rights that have increased with the new GDPR.
- Limitation of processing.
- Right to be forgotten.
In short, you must
comply with the new GDPR Law
on your company’s website as soon as possible, in order to avoid millionaire penalties, increase the trust of your customers, gain agility when responding to possible incidents, and improve both your reputation and your credibility.
If you still have any
contact our professional advisors and we will take care of offering you all the information you need.