In the GDPR era you need to be transparent with your users and ask them for permission to use their data. Don't be the next Mark: get a FairData audit to gauge public acceptance of your organisation's data practices. Receive advice from ethics experts on how to adapt your business model so that it stays profitable while keeping a convenient yet publicly acceptable data policy. Gauge public acceptance by applying the European data ethics framework to your company or research institution.
How to be GDPR compliant
The General Data Protection Regulation (GDPR) sets the rules of engagement when you process the personal data of people in the EU, no matter where your company is registered or where your databases are located. Fines for non-compliance can be up to €20 million or 4% of total worldwide annual turnover for the preceding financial year, whichever is higher. You can read the original legislation here, or listen to the audio version on GDPR Out Loud.
Collect the bare minimum of data needed to provide your service, and no more (data minimisation).
Be Transparent with your Users
Ask for Permission
Where you rely on consent, you need opt-in, informed consent from your users before using their data; pre-ticked boxes and silence do not count. Read more about state-of-the-art design principles for informed consent. It should be as easy to withdraw consent as it was to give it.
Respond to Requests
Your users have rights (access, rectification, erasure, portability, objection and others) which you can read about here. If they make a request, you need to respond with a complete answer, normally within one month.
Assign a Data Protection Officer
Your organisation needs to appoint a person who is responsible for speaking to the supervisory authority and to users about data protection issues. A Data Protection Officer is mandatory for public authorities and for organisations whose core activities involve large-scale monitoring of individuals or large-scale processing of special categories of data; appointing one voluntarily is good practice for everyone else.
Give the Contact Details of the Data Protection Officer
The contact details (at least an email address and phone number) of the Data Protection Officer need to be readily available online, for example in your privacy policy. You also need to notify the national Data Protection Agency of the appointment; see their contact details here.
Write a Data Impact Assessment Report
Before starting any processing that is likely to result in a high risk to individuals (for example large-scale profiling or systematic monitoring), you need to carry out a Data Protection Impact Assessment, taking the advice of the Data Protection Officer. If the assessment shows that a high risk remains after your mitigations, you must consult the Data Protection Agency before going ahead; see their contact details here. See the Data Impact Assessment template here to find out what to include. If you change what you do with data, you need to update the Impact Assessment report.
If there is a personal data breach in your organisation, the Data Protection Officer needs to notify the national Data Protection Agency (contact details here) without undue delay and, where feasible, within 72 hours of becoming aware of it. If the breach is likely to result in a high risk to the people affected, you must also inform those users without undue delay.
Security Measures for Developers
Developers play a critical role in ensuring that data is securely stored and transmitted, and in minimising the amount of data the service needs in the first place.
Secure your data
Ensure that you use encryption at rest in your own databases and backups, and never store passwords in plain text: use a dedicated password hash such as bcrypt, scrypt or Argon2. Encrypting a database does nothing against an attacker who has the application's database credentials, so keep those credentials out of source code and restrict each service account to the tables it actually needs.
Get a TLS (SSL) certificate
Make sure that your domain has a valid TLS certificate (free ones are available from Let's Encrypt), serve the site only over HTTPS, and activate automatic redirection from HTTP to HTTPS so that no user data is ever sent in the clear.
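As a worked example of the redirection step, here is an nginx configuration that sends every plain-HTTP request to its HTTPS equivalent and serves the site over TLS only. This is an added illustration, not configuration from the FairData page or from any product it describes; the hostname example.com, the Let's Encrypt certificate paths and the web root are assumptions to be replaced with your own.

```nginx
# Added example, not from the original page. Hostname, certificate paths and
# web root below are assumptions; substitute your own values.

# Port 80: accept the connection only to bounce it to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;

    # 301 = permanent redirect. $host keeps whatever hostname the client asked
    # for and $request_uri keeps the full path and query string, so deep links
    # survive the redirect.
    return 301 https://$host$request_uri;
}

# Port 443: the real site, TLS only.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com www.example.com;

    # Certificate chain and private key (paths as issued by certbot; assumed).
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Offer only modern TLS. SSLv3, TLS 1.0 and TLS 1.1 are deprecated and
    # must not be enabled even though the certificate is colloquially called
    # an "SSL certificate".
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;

    # HSTS: once a browser has seen this header it will not attempt plain HTTP
    # for this host for a year, which closes the window between the first
    # request and the redirect above. Test with a short max-age first; it is
    # hard to undo once cached by clients.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    root /var/www/example.com;   # assumed location of the site files
}
```

Check the configuration with `nginx -t` before reloading, then confirm the redirect from outside with `curl -sI http://example.com/`: the response should be a `301` whose `Location` header starts with `https://`. Set the HSTS max-age to a few minutes while testing and only raise it to a year once every subdomain covered by `includeSubDomains` is confirmed to work over HTTPS.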
Use Secure Third Party Services
If you use third-party services, for example for hosting, plugins, analytics or newsletters, make sure they encrypt data in transit and at rest and that you have a data processing agreement with them, as GDPR requires for any processor handling personal data on your behalf. If a provider cannot meet these requirements, change to another provider.
Design Principles for Informed Consent
Designers play a critical part in ensuring that your users are properly informed, give their permission knowingly and are able to change their mind easily.
The colour contrast needs to make it possible to read all information. Be aware of colour blindness.
Use a minimum font size of 11.
The button to accept should be the same size as the button to reject.
Number of Clicks
The number of clicks to accept should be the same as the number of clicks to reject.
Order of Information
You need to give your users all the information before they accept or reject the proposal.
Make it easy for your users to change their mind
You need to have a simple procedure for a user to change their mind, for example, unsubscribe from a newsletter or stop transferring data.
The information about what happens to user data should always be easy to find and clear to understand, both before and after consent is given.
Only use the user data that is strictly necessary to provide the service.
How do I get a FairData Certificate?
Request a FairData certificate with a click of a button. Share your concerns with us so that we can propose a tailored solution.
Receive a full report analysing why some of your users do not give you permission and what you can change in your model to increase the number of people who do.
Show your users that you genuinely care about their privacy. Have your company logo listed as having gone through FairData audit on the Own website.