The GDPR laws come into effect on 25th May 2018. Although the deadline to meet the rules of the General Data Protection Regulation is drawing near, several companies are still fumbling to make their businesses GDPR-compliant.
The GDPR laws aim to ensure that the data and personal information of Internet users in the European Union are safe and not misused. They are there to ensure that the data is secure from external attacks and internal breaches. Follow the points mentioned below to make your business GDPR-compliant and to safeguard against underlying cybersecurity issues:
How Did You Get The Information?
Starting with the basics: how did you get access to the data and personal information? If the data came from a form on your website, from a mail sign-up, or from a downloaded application, then it is excellent. This is legitimate because it was the user's choice to provide the details to you.
However, if you received the data or personal information via other means wherein the user did not choose to give it to you by filling out a form, etc., then it is probably dishonest to have it, and you must report where you got the data from.
Is The User Aware That You Have Their Data?
Even if the user willingly gave you the information by filling in a form, downloading an app or signing up, were they made aware that you were planning to keep it? Was it clearly mentioned on the website, on the form or in the application that you would be holding this data?
It is above board if it was, but if not, then you will have to let the people know that you have kept their information. You need to ask their permission if it is alright to continue to do so.
What Do You Intend To Do With The Data? And How Do The Users Know?
The data and personal information of users which you have collected legitimately: what is its purpose? Are you planning to use this gathered data to populate an email list? Are you aiming to use it for retargeting on social media? Will you be cold-calling the users during supper time?
Whatever you intend to do with the gathered data and information, the user has to have consented to it by agreeing that it is alright for you to do so. If you have not obtained that consent, then you are not complying with GDPR laws.
How Is The Data Stored And Processed?
All the collected data and information: where do you store them? Is it just located in an Excel sheet on the company’s server? Or, is the data stored in sanctioned and distinct encrypted documents which only privileged users can access?
If you are storing the data digitally, you need to encrypt the files and restrict access to them. If you are making hard copies for internal usage, then instead of just throwing them in the trash afterward, use a paper shredder.
How Long Do You Plan To Keep The Data?
One thing which companies have been bringing to light since the announcement of the GDPR laws is that they do not inform the users about how long they are planning to store their data and information.
Even though it does not look like a big deal, it is critically important in reality.
If you are planning to keep the data for a limited time, then you must let the user know about it when they are submitting their personal information. If you are planning to keep the data for an indefinite amount of time, then the user must agree to it too.