Complying with the GDPR rules requires concrete actions from businesses, in particular with regard to obtaining users' consent for the collection and processing of their personal data. Here are some practical examples of what businesses need to do to comply with the GDPR rules:
1. Ask for explicit consent from users
Businesses must obtain explicit consent from users before collecting and processing their personal data. Consent must be given in a free, informed and specific manner. Companies must clearly explain to the user why their data is being collected and how it will be used. Users must also be able to withdraw their consent at any time.
2. Implement privacy policies
Companies should have detailed privacy policies in place that explain how personal data is collected, used and stored. Privacy policies should be easily accessible to users and should be written in clear, easy-to-understand language.
3. Ensure data security
Companies must put in place adequate security measures to protect the personal data they collect and process. This includes technical and organisational measures, such as encrypting data, limiting access to data, and training staff on good data security practices.
4. Respect users' rights
Companies should respect users' rights, such as the right to access their personal data, the right to rectify or erase it, and the right to object to its processing. Users should also be informed of their rights.
5. Establish data breach notification procedures
Companies should have data breach notification procedures in place. This includes notifying affected users and competent authorities within 72 hours of discovering the breach.
As regards the practical application of the GDPR standards on websites and newsletters, companies must ensure that users have given their explicit consent before their personal data is collected. Consent forms should be clear, simple and specific, and must not contain pre-ticked boxes. Businesses should also give users the opportunity to withdraw their consent at any time and to have their personal data removed from the company's database.
Companies should also ensure that their privacy policies are easily accessible on their website and in their newsletters, and that they are written in clear, easy-to-understand language. Privacy policies should clearly explain how personal data is collected, used and stored, and what rights users have.