Your Data Matters
What is GDPR?
The GDPR (General Data Protection Regulation) was introduced to give citizens and residents control over their personal data and to simplify the regulatory environment for international business. When GDPR enters into force, it will replace the Data Protection Directive 1995 (Directive 95/46/EC).
It shall be valid from 25 May 2018.
The General Data Protection Regulation will actively contribute to protecting individuals with regard to the processing of personal data and will apply to all EU Member States.
What counts as personal data, and what is considered processing?
- Name
- Address
- IP
- Location information
- etc.
The official document, which you can find here, defines any information associated with an individual, directly or indirectly, as personal data.
Data processing is defined as any operation (collection, registration, storage, communication, destruction, etc.) carried out, with or without the use of automated means, on personal data or sets of personal data.
The GDPR was created to protect the rights of people who give you their data and to boost the online market as only 19% of them feel safe online today.
Target Audience
The websites that need to start making changes are those that collect, process and store visitor or customer data.
Examples of websites that are directly affected are those that use the following:
- Google Analytics
- Registration form
- Contact form
- Newsletter form
- Web pages that use cookie scripts
- E-shops that collect personal payment information and orders
- Any sites that use third-party services, such as Disqus, for comments on their articles
- Data processing for another company? Make sure you have a binding contract that lists the responsibilities of each party.
As we can see, this concerns everyone!
What to Do
See what preparation your website or shop needs in order to be compliant
WHAT YOU NEED TO KNOW
What are the GDPR requirements?
① Awareness
You need to make sure that decision makers and key people in your organization know that the law is changing to GDPR. They have to assess the impact it is likely to have.
② Information you hold
Identify which personal data you retain, where it came from and who you share it with. You may need to organize an information check.
③ Communicating privacy information
You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.
④ Individuals’ rights
Review your procedures to make sure they cover all the rights that individuals have, including how you will delete personal data or provide the data electronically and in a commonly used format.
⑤ Subject access requests
You need to update your processes and plan how you will handle requests within the new timescales and provide any additional information.
⑥ Lawful basis for processing personal data
You should determine and document the lawful basis for your processing activity under the GDPR, and update your privacy notice to explain it.
⑦ Consent
You should check the way you seek, record and manage consent, and whether you need to make any changes. Renew existing consents now if they do not meet the GDPR standard.
⑧ Children
You should now start thinking about whether you need to put systems in place to verify the age of individuals and to get the consent of parents or guardians for any data processing activity.
⑨ Data breaches
You must make sure that appropriate procedures are in place to detect, report and investigate a personal data breach.
⑩ Data Protection by Design and Data Protection Impact Assessments
You should now familiarize yourself with the ICO Code of Practice on privacy impact assessments, as well as with the latest Article 29 Working Group guidelines, and determine how and when to apply them in your organization.
⑪ Data Protection Officers
A responsible legal counsel should be assigned to take responsibility for data protection compliance, and you should assess where this role will sit within your organization's structure and governance. You should perhaps also consider appointing an official data protection officer.
⑫ International
If your organization is active in more than one EU Member State (i.e. conducting cross-border processing), you should determine your data protection supervisory authority. The Article 29 guidelines will help you do that.
WHAT WE DO
What Vision4Reality does for GDPR
The personal information we collect serves to facilitate the services we offer. It is kept only by Vision4Reality and only for as long as we have an active cooperation. It consists of your address, name, VAT number (to issue a receipt or invoice) and telephone number. It is collected with your consent when you sign up for your My Account. For security reasons, no payment card details are kept, even if a card payment is made. After the collaboration ends, all details and any communication made via your My Account system are deleted.
- The right to information (Learn more)
Our users must agree to the Terms of Use in order to create an account and complete a purchase. A user account cannot be created and an order cannot be executed unless the user ticks the checkbox confirming their agreement to the Terms of Use. These Terms of Use also include a link to the Privacy Policy and all other important terms and service agreements.
- The right of access / right of rectification (Learn more)
Your account provides full self-service access for updating your personal information, such as name, email address, postal address, telephone number, etc.
- The right to data portability (Learn more)
Data portability means the right to receive personal data in machine-readable form and to request that this data be transferred directly from one controller to another. This right only applies when processing is based on consent or on the performance of a contract, and when the processing is done by automated means. No fee may be charged for this service. Upon your request, we export your personal data from the system as a JSON file for portability.
- The right to erasure (also known as the ‘right to be forgotten’) (Learn more)
If we receive a request to delete your account, all data associated with you is immediately removed, including the personal information on your profile, service history and invoice history, activity log entries, support tickets, and email history.
After a period of six months, inactive accounts are deleted automatically.
- Contract / Agreement (Learn more)
When you sign up and order services, you accept the Terms of Use. In this way, you enter into a contract between the two parties (you and us) for the provision of the services. Collecting personal data about a person in order to fulfill a contractual obligation is a possible legitimate basis for collecting personal data. In a scenario such as this, it may mean that users are not consulted.
- Newsletter
The newsletter is sent to you with your consent once your email address has been entered in the form on the main page.
Your account profile has an option to accept or reject the newsletter. Finally, the newsletter campaigns include an option to opt out.