Last Updated: March 16, 2022
In the digital era, as more people entrust their personal data to the internet and cloud services, there is a greater need than ever to inform them how their data is being used. In 2016, the EU introduced a new privacy law, the General Data Protection Regulation (GDPR). It is an updated version that replaced the Data Protection Directive.
What Is a Privacy Notice?
- Written in clear and plain language
- Transparent, down-to-the-point, easily accessible, and intelligible
- Free of charge
- Distributed and updated in a timely manner
What Is GDPR and Why Is It Important?
On May 25, 2018, the European Union adopted a new type of data regulation. Even today, it remains the toughest online privacy law. Its main goal is to give individuals more insight and control over how organizations use their data and how the same data is protected from potential fraud by third parties.
The importance of GDPR lies in the fact that it enhances the protection of European citizens’ data rights and gives companies and organizations a clear outline of what they must do to protect these rights. An owner of a company might be subject to hefty fines of up to 4% of their global revenue or twenty million euros, whichever is higher, if they fail to comply with the GDPR requirements.
- The privacy notice should make it easy to understand how an organization will use an individual’s data.
- The website privacy notice should be short and written in simple language so that all users will understand it easily.
- Transparency is a key principle of GDPR, preventing companies from processing data without users’ consent.
- According to the GDPR, individuals have the right to be informed about how their data is processed and protected.
- What type of information is collected
- How the information is collected
- Who collects it (contact info)
- Who uses it
- How the information is stored
8 Rights Customers Have Under the GDPR
The right to erasure
The right to erasure, a.k.a. the right to be forgotten, is found in Article 17 of the GDPR. It means that individuals can ask an organization that has collected their data to erase it. The organization then has a legal obligation to act accordingly. This is done most often when the personal data collected are no longer necessary for the purposes for which they were collected in the first place.
The right to rectification
The right to restrict processing
European data subjects have the right to block any data processing or usage, especially when the controller no longer needs the data for its original purpose. Specifically, individuals can limit the way an organization uses their data.
The right to access
After the data is collected, individuals have the right to request a copy of the personal information that an organization stores on them.
The right to data portability
Another right, mentioned in Article 20 of the GDPR, is the right to data portability. This right allows European data subjects to transfer any data from one controller to another securely and in a machine-readable format. Whenever possible, it also allows an automatic data transfer from one controller to another, without the data subject’s involvement.
The right to object to processing
At any moment when customers feel as if their data is used without their explicit consent, they are free to object to the misuse of their data.
Whether you transfer data internationally
Legal basis for data collecting
Under GDPR requirements, any organization needs to have a valid reason for using personal data. There are six lawful reasons for collecting and processing personal data:
- performance of a contract
- legitimate interest
- vital interest
- legal requirement
- public interest
The phrase is taken from the official PDF format found on the official GDPR site. It recommends using simple, yet meticulous language to make sure that the information is conveyed as clearly as possible.