Last week, we walked through the first steps to make sure your organization is compliant with the new General Data Protection Regulation (GDPR). This week, we continue with the final steps you can take to update your privacy processes.
13. Apply data protection by design and by default.
Data protection by design means privacy safeguards are built into a system when it is designed, not bolted on afterwards; data protection by default means the most privacy-protective settings apply without the user having to do anything. In practice: process only the personal data that is necessary for the purpose, keep it no longer than necessary, and make it accessible only to the people who need it.
The European Commission website provides the following examples to illustrate:
Data protection by design
The use of pseudonymisation (replacing personally identifiable material with artificial identifiers) and encryption (encoding messages so only those authorised can read them).
Data protection by default
A social media platform should be encouraged to set users’ profile settings in the most privacy-friendly setting by, for example, limiting from the start the accessibility of the users’ profile so that it isn’t accessible by default to an indefinite number of persons.
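The pseudonymisation and minimisation steps above, as an added example that is not part of the original post or of the European Commission's guidance. It assumes a hypothetical sign-up record with an e-mail address as the direct identifier and a downstream analytics job that only needs `country` and `signup_month`; the key, field names and sample record are constructed for the example. Pseudonyms are keyed (HMAC-SHA256) rather than plain hashes, because anyone can brute-force a plain hash of an e-mail address, and the only party who can link a token back to a person is whoever holds the key.

```python
import hashlib
import hmac
from typing import Any

# Assumed secret for the example. In a real system this key lives in a key
# store or HSM, separate from the pseudonymised data, and is rotated on a schedule.
PSEUDONYM_KEY = b"example-only-key-replace-me"

# Hypothetical record layout: one direct identifier plus the only two fields
# the downstream analytics job needs. Everything else is dropped.
IDENTIFIER_FIELD = "email"
RETAINED_FIELDS = ("country", "signup_month")


def pseudonymise(value: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Return a keyed pseudonym for a direct identifier.

    HMAC-SHA256 under a secret key: the same input always yields the same
    token, so records about one person can still be linked, but without the
    key the token cannot be reversed or regenerated by hashing guessed inputs.
    """
    canonical = value.strip().lower().encode("utf-8")
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def matches(token: str, candidate: str, key: bytes = PSEUDONYM_KEY) -> bool:
    """Check whether a stored pseudonym belongs to a candidate identifier.

    This is the only 'reversal' the scheme offers: the key holder can confirm
    a guess, which is why the key must stay separate from the data set.
    """
    return hmac.compare_digest(token, pseudonymise(candidate, key))


def minimise_record(record: dict[str, Any]) -> dict[str, Any]:
    """Apply data protection by design to one raw record.

    The direct identifier is replaced by its pseudonym and only the fields in
    RETAINED_FIELDS are copied across; name, address and other personal data
    never reach the analytics store.
    """
    out = {"subject": pseudonymise(record[IDENTIFIER_FIELD])}
    for field in RETAINED_FIELDS:
        if field in record:
            out[field] = record[field]
    return out


# Constructed sample input for the example.
RAW_SIGNUP = {
    "email": "Alice.Example@example.com",
    "name": "Alice Example",
    "postal_address": "1 Example Street, Example City",
    "country": "IE",
    "signup_month": "2018-05",
}

if __name__ == "__main__":
    print(minimise_record(RAW_SIGNUP))
```

Two caveats a practitioner should keep in mind: pseudonymised data is still personal data under GDPR as long as the key exists, so the key (and anyone with access to it) is part of your compliance scope; and if the key is ever stored next to the data set, you have encryption at rest in name only.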
14. Put mechanisms in place to obtain informed consent.
Ensure that visitors to your website actively consent to having their data collected: every form's opt-in must be unticked by default. If a check-box asks users to consent to your collecting their email address or other personal data, it cannot be pre-checked; the user must tick it themselves for the consent to count.
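An added example (not code from the original post) of the server side of that rule, plus a small audit helper. The form field names, the `POLICY_VERSION` label and the sample HTML are constructed for the example. The point it adds to the text: an unticked box is not sent by the browser at all, so the server must treat an absent field as "no", never as a default, and should store when consent was given and which notice the user saw. The audit helper scans a template for checkboxes that carry a `checked` attribute, which is the mistake this step is about.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from html.parser import HTMLParser
from typing import Optional

# Assumed identifier for the privacy notice the user saw; stored with the
# consent so you can show what they agreed to if the notice changes later.
POLICY_VERSION = "privacy-notice-v1"


class ConsentError(ValueError):
    """Raised when a form submission carries no active opt-in."""


@dataclass(frozen=True)
class ConsentRecord:
    subject: str
    purpose: str
    policy_version: str
    granted_at: str


def consent_given(form: dict[str, str], purpose: str) -> bool:
    """True only if the checkbox for this purpose was actively ticked.

    A browser omits an unticked checkbox from the submission entirely, and a
    ticked one with no explicit value sends "on". Anything else, including a
    missing field or an empty string, is treated as no consent.
    """
    return form.get(f"consent_{purpose}") == "on"


def record_consent(
    form: dict[str, str],
    purpose: str,
    subject: str,
    policy_version: str = POLICY_VERSION,
    now: Optional[datetime] = None,
) -> ConsentRecord:
    """Turn a submitted form into an auditable consent record, or refuse."""
    if not consent_given(form, purpose):
        raise ConsentError(f"no active opt-in for purpose {purpose!r}")
    when = now or datetime.now(timezone.utc)
    return ConsentRecord(
        subject=subject,
        purpose=purpose,
        policy_version=policy_version,
        granted_at=when.isoformat(),
    )


class _PrecheckedFinder(HTMLParser):
    """Collect the names of checkbox inputs that carry a `checked` attribute."""

    def __init__(self) -> None:
        super().__init__()
        self.prechecked: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = dict(attrs)
        if (a.get("type") or "").lower() == "checkbox" and "checked" in a:
            self.prechecked.append(a.get("name") or "<unnamed>")


def find_prechecked_checkboxes(html: str) -> list[str]:
    """Audit helper: return every checkbox in a template that is ticked by default."""
    finder = _PrecheckedFinder()
    finder.feed(html)
    return finder.prechecked


# Constructed sign-up form. The second box is deliberately pre-ticked so the
# audit helper has something to find.
SIGNUP_FORM = """
<form method="post" action="/signup">
  <input type="email" name="email">
  <input type="checkbox" name="consent_newsletter"> Send me the newsletter
  <input type="checkbox" name="consent_profiling" checked> Personalise offers
  <button>Sign up</button>
</form>
"""

if __name__ == "__main__":
    print("pre-checked boxes:", find_prechecked_checkboxes(SIGNUP_FORM))
    print(record_consent({"consent_newsletter": "on"}, "newsletter", "user-42"))
```

Run the audit helper over your templates in CI; a pre-ticked consent box is easy to reintroduce during a redesign. Keep one record per purpose rather than a single "I agree to everything" flag, so that the newsletter and profiling consents above can be granted and withdrawn independently.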
15. Explain cookies.