PREPARE YOUR WEBSITE FOR THE NEW DATA PROTECTION LAW 2018

0

PREPARE YOUR WEBSITE FOR THE NEW DATA PROTECTION LAW 2018

As of May 25, the New Data Protection Law, the GDPR, comes into force, and we must have all web pages complying with this new law, otherwise, significant financial fines will be imposed.

This new law is much more demanding than the previous one, especially with regard to digital environments. Whether you were complying with the previous Data Protection Law , or not, this interests you, and a lot, the sanctions have been toughened, the Spanish Agency for Data Protection will impose sanctions of up to 4% of the annual billing and responsibilities civil, criminal and labor.

Now companies must not only say that they are complying with the Data Protection Law, they must be able to DEMONSTRATE that they have adopted all the necessary measures to avoid incidents and must be able to PROVE that they have carried out the steps established by the GDPR.

We know that many companies with all types of websites: corporate websites, blogs, online or e-commerce stores, document management websites, real estate websites, employment websites, educational center websites … have been turning a deaf ear to the Protection Law of data , to the need to comply with the LSSI , to have a more secure website through an SSL certificate , etc.

Many professionals who work in the digital environment have cared little or nothing for data protection and this was thanks to an unclear law since users certainly did not care too much, but now the law requires us to Privacy policies that are included in the web pages are not too technical, but that an average user when reading it knows what is going to be done with their data, why, for how long, etc.

Ok, so far the Data Protection Law has not taken away almost anyone’s sleep and it was more important to collect user data than to respect and guarantee their rights and with the new Data Protection Law this is going to change, or at least that’s their goal.

Until now, actions have been carried out that border on the illegality of user data, because buying and selling users was not fully foreseen in the legal framework, but now it is.

With now the focus of attention is on the user, the data is theirs and not the web master or business owner, and the user can do whatever they want with their data, always being well informed.

The user now has more control over their own personal information in digital spaces.

Basic aspects that are modified with the GDPR: PREPARE YOUR WEBSITE FOR THE NEW DATA PROTECTION LAW 2018

– Express consent of the users when leaving any type of data on your website: be it a user registration, a subscription to a newsletter, consult something through the contact form on your page, make an online purchase …

– Principle of legality, loyalty and transparency: The express consent entails clear, accessible and truthful information of what is going to be done with the user’s data in each case, under the principle of limitation of the purpose and the principle of legality, loyalty and transparency, for example, if you collect data from a user because they have registered in your online store, you cannot use that data to send them commercial information, if you want to do so, you should express your explicit consent for both purposes.

– The right to be forgotten and to oppose the use of personal data for the establishment of profiles (automated data processing aimed at evaluating personal aspects or analyzing or predicting issues such as the economic situation of the user, their preferences and interests, their location, is reinforced. , etc.)

Consent in the GDPR: PREPARE YOUR WEBSITE FOR THE NEW DATA PROTECTION LAW 2018

This is the most important point of all, the explicit consent of the user who leaves their data in your web application, we emphasize, both in a merely informative web application, as if you sell online, as if you have a real estate website, an online document manager, a price comparer, etc. As soon as they fill out a contact form, they are already leaving their data.

Consent must be:

– Specific: with a specific purpose.

– Express: the pre-marked boxes are not valid or the one that if the user continues browsing the page it is understood that they have given their consent and similar situations (inaction or mission)

– Verifiable: it must be possible to demonstrate that you have obtained it.

This consent must be given wherever users leave their data: registration, subscription, contact forms …

And with users who had already given their consent before the change in the data protection law?

Users who had given their tacit consent must now give it explicitly in order to continue working with their data, which affects subscribers and people registered on your website.

For subscribers and registered the best way is to send a bulletin / newsletter where you urge them to confirm their subscription by express consent.

Are you going to lose subscribers and registered users? Yes, but those who are really interested in continuing to hear from you or buying / consulting your website will stay with you, so you don’t lose much if you leave people who had already lost interest on the road.

Penalties and compensation for not complying with the GDPR

The penalties have been increased, before the maximum fine was 600,000 euros, with the new regulation LEVES infractions can reach 10 million euros or 2% of the annual business volume of the previous year.

In the case of SERIOUS infringements, it reaches 20 million euros or 4% of the annual business volume of the previous year.

And not only can they fine us with these impressive figures, another of the novelties of the new Data Protection Law is that compensation can be requested for those affected by non-compliance with these regulations.

Leave a Reply

Your email address will not be published. Required fields are marked *