Changing EU Privacy Laws: GDPR and Website Data Collection

The European Parliament approved the anticipated General Data Protection Regulation (GDPR) in April 2016, and it will have significant impacts on all organisations that process EU residents’ personally identifiable information (PII). Personal data is any data relating to an individual who can be directly or indirectly identified from it, for instance names, photos, email addresses, social media posts, IP addresses, and so on. This will affect most e-commerce businesses, online publishers and advertisers.

How are websites affected by the GDPR?

Every organisation is likely to be impacted in different ways. It is advisable to conduct a snapshot assessment of your current data collection and remove any unnecessary trackers and third-party ads. For instance, many websites contain social sharing buttons that typically collect data about each visit, including the visitor's IP address, as soon as the page loads. This data is then sent to third-party tracking and social media companies. We recommend switching to Shariff share buttons, which respect the privacy of your visitors. If you decide to keep collecting personal data, please consider the following points:

  1. Consent - explicit, affirmative consent is required for the processing of consumers’ private data.
  2. Privacy policies - the policy must include mandatory information about the way in which data are processed and the statutory rights available to individuals.
  3. Information governance - establish a compliance framework for monitoring and reviewing your data procedures.
  4. Privacy impact assessments - mandatory for projects that potentially expose individuals to enhanced privacy risks.
  5. Data protection officer - all public bodies, and businesses whose core activities involve systematic monitoring of data subjects on a large scale, are required to appoint one.
  6. Data breaches - must be reported to the data protection supervisory authority within 72 hours.
  7. One-stop-shop - a mechanism which allows one lead Data Protection Officer to operate as a single supervisory body across all EU locations.
  8. Sharing data with third parties - the data controller takes full responsibility for transfers of personal data to foreign jurisdictions, using effective due diligence and contractual measures.

Non-compliance can be expensive

Fines can range from 2% to 4% of the company’s annual global revenue, or up to €20 million, whichever is greater.
