The General Data Protection Regulation is there so that when I’m trying to find out which Harry Potter character I am, or when I want to make use of some betting promo codes, the person on the other side of the screen doesn’t get to know that I’m a 41-year-old male from Wisconsin, who is an atheist and a Republican, in addition to being the owner of two cats who happens to love Harry Potter. I’m not a single one of those things, but you get the idea. So, how do companies make sure that their sites are compliant with GDPR?
Reporting a Breach
Under the rules of GDPR, if a website experiences a breach of any kind, it has to notify its users within 72 hours, instead of playing dumb like a certain social media platform that shall remain unnamed once did for its umpteenth data loss.
This is a legal obligation, so websites that are serious about their business usually use an automated system of some kind, like a WordPress plugin, to send a mass message.
No Legal Tricks
When you visit a website, be it a betting website, a retail giant like Amazon, or any other kind of site that requests your email address, it cannot present you with prefilled message boxes that force or heavily influence you to opt in to getting messages, deals, and newsletters. These forms have to be blank.
Furthermore, the opt-in should not be bundled up. Collecting data to send ads is not the same as collecting it to learn more about your customers. Every such agreement between the user and the site has to be kept separate. Finally, users should be able to opt out without jumping through hoops to do so.
Rights of Users
There are three big ones. The Right to Access simply means that a user has to be able to easily understand what data is taken from them and for what purpose. The Right to be Forgotten, as the name implies, is the right of the user to make a website erase all of their data by withdrawing consent. Data Portability is the right of the user to make a copy of the data collected by the website for their own personal use or to share it with a third party.
Many sites use third parties for collecting and tracking data, as well as certain processes, such as payments and tracking of certain objects. That is fine, as long as these third parties are also following GDPR.
WordPress updates sometimes jumble everything up, as is the case with almost every platform every now and then. Sites have to make sure that the changes that are implemented do not in any way hinder the website’s effectiveness while also protecting the user data.
These things may be annoying, but they make the users more aware of the data they are giving away and the purposes towards which those practices are aimed. Websites are required to notify their users every time there is a change or update.