The EU legislation, the General Data Protection Regulation (GDPR), is intended to provide EU citizens with more control over their personal data.
Organizations that handle the data of EU residents will have to follow the data and privacy rules implemented by the GDPR.
1. Easy to Understand Document
2. Specify the Use of Personal Information
3. Inform Users of the 8 Rights They Have Under the GDPR
- The right to be informed
- The right to access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights related to automated decision making and profiling
4. Third Party Disclosure
5. Hire a Data Protection Officer
Hiring a DPO is obligatory for organizations collecting sensitive personal data or handling systematic monitoring of data on a large scale, or if yours is a public authority organization. You should clearly mention having a DPO on your team along with their contact details.
The data protection officer handles data compliance in an organization and makes sure the process of collecting information is transparent and in line with the GDPR.
6. Specify the Handling of Special Categories of Personal Data
However, if in exceptional circumstances such information is collected, then it is the user's right to know how and for what purpose it is being processed. This should be mentioned clearly in the privacy statement.
The fundamental aim of the GDPR is to keep EU citizens informed on how businesses are collecting, using, handling, and sharing their personal data.