3. Data encryption by installing an SSL certificate
Your website, and especially your e-shop, must encrypt data with an SSL certificate. If you are not familiar with it, read more about what an SSL certificate is. It adds security to your transactions and to the transfer of users' data to and from the server. If you don't already have one, you can purchase an SSL certificate. There is also a free certificate for "smaller" websites.
4. Easy unsubscribe or consent revocation
Users must be able to unsubscribe from, or revoke their consent to, any procedure or processing operation involving their data, either by themselves or through their provider, FREE of charge. For example, users should be able to unsubscribe from the newsletter easily.
6. IP tracking
7. Advertising in social media
If you use the email addresses of your site's registered users for advertising campaigns on social media, the email owners must be informed first. They must also be able to unsubscribe from the lists if they want to.
9. Payment Gateways
If your e-shop uses payment gateways such as PayPal, Stripe etc. for customers' transactions and their information is saved on your site, this information should be encrypted through an SSL certificate.
The time period has not been set; it is up to your judgement to choose a reasonable time, after which all their data is to be deleted.
Data for inactive users should be deleted after a reasonable amount of time.
If a user requests the deletion of ALL their data, you have to do it.
10. Information Leak
GDPR makes it a duty for businesses, in case of a breach of the personal data they keep, to notify the Personal Data Protection Authority of the country they are established in within 72 hours.
The GDPR compliance requirements
Consent: To process your clients' personal data, you are obliged, according to the new regulation, to first ask for their explicit consent. If you gather data from minors through social media, you must first check their age, because you may need to ask for their parents' consent.
Access and transferability: Give your clients access to their personal data so that they can process it and/or transfer it to another company if they want to.
Data deletion: You must provide them the "right to oblivion", the new digital right that lets them ask for the deletion of their private data, as long as freedom of expression is not violated and no investigation is impeded.
Marketing: If you use their personal data for various marketing actions (or activities) for your business, they have the right to ask to be excluded.