The General Data Protection Regulation (GDPR) has been enforced since the 25th of May 2018, with the goal of regulating the ways personal data is collected and processed online.
According to the regulation, any website offering services to EU citizens must inform them about the personal data that is being collected. The user must give prior consent before any tracking technologies (e.g. cookies) are used. The user should be able to choose which personal information is gathered, through a simple opt-in function, and should have the option to adjust their preferences at any point.
Also, users should have the option to request all the data that was collected about them.
Violating GDPR will cost you a fortune! GDPR fines can get up to €20 million, or 4% of the company's yearly profit, whichever is higher. However, most importantly, violating GDPR is a disregard for basic human rights.
In short, here are 8 easy steps to get compliant under GDPR laws:
The UK has officially not been a member of the EU since 1 January 2021. Although GDPR does not technically apply to the UK anymore, the UK is subject to the DPA (Data Protection Act) 2018 and UK GDPR. As for EU privacy regulations, the UK is treated as a "third country" as of 31 October 2019. Depending on the agreement that the UK and the EU negotiate, the status of "third country" could change, and this page will be updated accordingly. For now, this definition is significant mostly when discussing the transfer of users' data between countries (GDPR Article 44).
For more information, read our UK-GDPR FAQs.