May 23, 2018
Earlier this month, we published a guide on what you need to know about the EU’s General Data Protection Regulation (GDPR).
This regulation is effective May 25, 2018, and is designed to harmonize data privacy laws across Europe.
You also should give your customers and users information about what choices they can make about the information they have provided to you — for example, opting in or out of marketing communications, or requesting information be corrected or otherwise managed in a way that is in accordance with their wishes, subject to applicable laws.
What is personal information?
Personal information can include a range of information, such as name, address, email address, financial information, and other contact information. In some cases, it can also be information related to your digital life, like an IP address, geolocation, browsing history, cookies, or other digital identifiers. It also could mean information about a person, including their physical, mental, social, economic, or cultural identities.
The first thing you should do is consult with your legal counsel on your obligations under the GDPR and other relevant laws.
- Control over how their data is collected
- Control over how their data is used
- Commitment to data privacy and security
- Determine the legal basis for your use of personal data
- Develop a process to respond to requests made by individuals who want to exercise their rights under the GDPR
- Draft and/or update your policy, and have your legal counsel review and approve it
- Communicate your new policy, or any updates to your existing policy, to your users
- What specific data you are collecting
- How you will be using that data
- How you will be collecting that data
- Who you will share data with
- How long you will keep that data
- How you will store that data
- How you will protect that data
NOTE: This information is not a substitute for legal advice.