The FairData Audit

In a GDPR era you need to be transparent with your users and ask them for permission to use their data. Don’t be the next Mark, get a FairData audit to gauge public acceptance of your organisation’s data practices. Receive advice from ethics experts on how to adapt your business model to balance profitability with a convenient yet publicly acceptable data policy. Gauge public acceptance by applying the European data ethics framework to your company or research institution.

How to be GDPR compliant

The General Data Protection Regulation (GDPR) states the rules of engagement when dealing with Europeans online, no matter where your company is registered or where your databases lie. Fines for non-compliance can be up to €20 million or 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher. You can read the original legislation here, or listen to the audio version on GDPR Out Loud.

Data Minimisation

You need to collect the bare minimum to make the service you provide possible. No more.

Be Transparent with your Users

You need to explicitly tell your users what you are doing with their data. See the template to find out what to include in the terms and conditions, cookie policy, privacy policy, and any other legal documentation.

Ask for Permission

You need opt-in informed consent from your users to use their data. Read more about state-of-the-art design principles for informed consent. It should be as easy to opt out as it is to opt in.

Respond to Requests

Your users have rights which you can read about here. If they make a request, you need to respond with a complete answer.

Assign a Data Protection Officer

Your organisation needs to appoint a person who is responsible for speaking to authorities and users about data related issues.

Give the Contact Details of the Data Protection Officer

The name, email address, and phone number to reach the Data Protection Officer need to be readily available online. You also need to let the Data Protection Agency know; see their contact details here.

Write a Data Impact Assessment Report

The Data Protection Officer needs to write a Data Protection Impact Assessment and send it to the Data Protection Agency; see their contact details here. See the Data Impact Assessment template here to find out what to include. If you change what you do with data, you need to update the Impact Assessment report.

Report breaches

If there is a data breach in your organisation, the Data Protection Officer needs to notify your users and the national Data Protection Agency (contact details here) as soon as you find out about the breach.


Security Measures for Developers

Developers play a critical role in ensuring that data is stored and handled securely, and in minimising the amount of data needed for the service provided.


Design Principles for Informed Consent

Designers play a critical part in ensuring your users are properly informed, are giving their permission knowingly and are able to change their mind easily.

Colour

The colour contrast needs to make it possible to read all information. Be aware of colour blindness.

Font Size

Use a minimum font size of 11.

Button Size

The button to accept should be the same size as the button to reject.

Number of Clicks

The number of clicks to accept should be the same as the number of clicks to reject.

Order of Information

You need to give your users all the information before they accept or reject the proposal.

Make it easy for your users to change their mind

You need to have a simple procedure for a user to change their mind, for example, unsubscribe from a newsletter or stop transferring data.

Be Transparent

The information about what is happening to user data should always be easy to find and clear to understand before or after giving consent.

Minimisation

Only use user data which is absolutely necessary to provide the service.
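The principles above are easy to check mechanically before a consent dialog ships. The following is an added example, not code from the FairData page: a small audit function that takes a description of a consent dialog and reports which principles it violates. The contrast calculation uses the standard WCAG 2.x relative-luminance formula; the shape of the `dialog` object, the 4.5:1 threshold taken as "readable", the assumption that the page's font size of 11 is in pixels, and the sample dialogs are all assumptions made for this example.

```javascript
// Added example (not part of the FairData page). Audits a consent dialog
// description against the design principles listed above.

// sRGB channel (0-255) -> linear value, per WCAG 2.x relative luminance.
function channelToLinear(c) {
  const s = c / 255;
  return s <= 0.03928 ? s / 12.92 : Math.pow((s + 0.055) / 1.055, 2.4);
}

// Relative luminance of a "#RRGGBB" colour.
function relativeLuminance(hex) {
  const n = parseInt(hex.replace('#', ''), 16);
  const r = (n >> 16) & 0xff, g = (n >> 8) & 0xff, b = n & 0xff;
  return 0.2126 * channelToLinear(r) + 0.7152 * channelToLinear(g) + 0.0722 * channelToLinear(b);
}

// WCAG contrast ratio between two colours (1:1 .. 21:1).
function contrastRatio(fg, bg) {
  const l1 = relativeLuminance(fg), l2 = relativeLuminance(bg);
  const [hi, lo] = l1 > l2 ? [l1, l2] : [l2, l1];
  return (hi + 0.05) / (lo + 0.05);
}

// Returns the list of violated principles (empty array = dialog passes).
// The dialog shape and the thresholds are assumptions for this example.
function auditConsentDialog(dialog) {
  const issues = [];
  // Colour: 4.5:1 is the WCAG AA threshold for normal text (assumed as "readable").
  if (contrastRatio(dialog.textColor, dialog.backgroundColor) < 4.5) issues.push('contrast');
  // Font size: the page says minimum 11; unit assumed to be px here.
  if (dialog.fontSizePx < 11) issues.push('font-size');
  const a = dialog.accept, r = dialog.reject;
  // Button size: accept and reject must be the same size.
  if (a.width !== r.width || a.height !== r.height) issues.push('button-size');
  // Number of clicks: accepting and rejecting must cost the same.
  if (a.clicks !== r.clicks) issues.push('click-count');
  // Opt-in: nothing may be ticked in advance on the user's behalf.
  if (dialog.preChecked) issues.push('pre-checked');
  // Order of information: all details shown before the choice is offered.
  if (!dialog.infoShownBeforeChoice) issues.push('order-of-information');
  // Changing their mind: withdrawing must not be harder than consenting.
  if (dialog.withdrawClicks > a.clicks) issues.push('withdrawal-harder-than-consent');
  return issues;
}

// Constructed sample dialogs (not real products).
const SAMPLE_GOOD = {
  textColor: '#000000', backgroundColor: '#FFFFFF', fontSizePx: 12,
  accept: { width: 120, height: 40, clicks: 1 },
  reject: { width: 120, height: 40, clicks: 1 },
  preChecked: false, infoShownBeforeChoice: true, withdrawClicks: 1,
};
const SAMPLE_BAD = {
  textColor: '#999999', backgroundColor: '#FFFFFF', fontSizePx: 9,
  accept: { width: 120, height: 40, clicks: 1 },
  reject: { width: 60, height: 40, clicks: 3 },
  preChecked: true, infoShownBeforeChoice: false, withdrawClicks: 5,
};

console.log('good dialog issues:', auditConsentDialog(SAMPLE_GOOD));
console.log('bad dialog issues:', auditConsentDialog(SAMPLE_BAD));
```

The checks are deliberately symmetric (accept versus reject) because that is the substance of the principles: a compliant dialog is one where declining costs the user nothing more than agreeing.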

How do I get a FairData Certificate?
