您可能已经收到来自不同网站的许多电子邮件,说他们更新了他们的隐私政策。这是由于GDPR的实施。许多网站还使用弹出窗口来表明它们遵守 了欧盟的《通用数据保护条例》 。(General Data Protection Regulation)什么是GDPR?本文为您提供GDPR总结和合规方法。
什么是 GDPR
什么是欧洲基本权利(Fundamental Rights)宪章(Charter)?
在我们了解GDPR是什么之前,我们需要知道欧盟(European Union)向所有欧盟居民提供相同的基本数据保护——无论他们与位于欧盟(European Union)的网站还是欧盟以外的网站进行交互。
这来自欧洲基本权利宪章(European Charter of Fundamental Rights)( EUCFR ),其中包含有关欧洲公民许多其他权利的法律——例如受教育权、财产权、庇护权、婚姻权等(权利)。同一章程负责保护欧洲互联网(Internet)消费者的数据。GDPR基于章程的概念,即每个公民都有权保护其数据(every citizen has the right to protection of their data)。
GDPR 是欧盟通用数据保护条例(General Data Protection Regulation)。GDPR 中的 R 在某些情况下也代表改革(Reforms ),因为它对现有的数据保护法律进行了调整,以更好地保护欧盟公民。而EUCFR真正意味着欧盟公民的数据保护应该在世界范围内是一样的。因此,如果您认为您的企业位于欧盟以外且法律不适用于您,那您就错了。您也必须遵守欧盟的GDPR。稍后我们将讨论GDPR 合规性(GDPR compliance )。
欧盟议会于(EU Parliament)2016 年 5 月(May 2016)以多数票通过了GDPR。这应该在2018 年5 月 25(May 25)日之前实施。这意味着网站管理员和在线企业主有两年时间来遵守GDPR。那时他们开始推出电子邮件和弹出窗口,说他们的隐私政策已更新。
GDPR 摘要
根据欧盟(EU Charter)基本权利(Fundamental Rights)宪章,Directive 2016/680,GDPR可概括如下:
每当刑事执法当局使用个人数据时,该指令 ( GDPR ) 保护(欧盟)公民的基本数据保护权利。(GDPR)它将特别确保受害者、证人和犯罪嫌疑人的个人数据得到适当保护,并将促进打击犯罪和恐怖主义的跨境合作
有关GDPR如何打击犯罪和恐怖主义的更多信息,请阅读此 PDF(read this PDF)
GDPR的总结是,欧盟与数据保护和数据盗窃有关的不同指令集已被安排在一个法案中,以保护用户的整体利益。这有两个主要条款。网站必须通知用户他们存储的所有数据。如果用户希望删除他的数据(如果用户选择退出),则网站应停止收集有关该用户的任何数据。这适用于全球的在线服务(网站),而不仅仅是欧盟(European Union)的在线服务(网站) 。
GDPR 合规性——(GDPR Compliance –)您的组织准备好了吗?
为了确保GDPR得到正确实施,一个名为(GDPR)欧洲数据保护监督员(European Data Protection Supervisor)的独立欧盟机构已经成立。该机构负责处理任何违规行为,并与网站管理员和刑事调查机构打交道。
如前所述,许多组织认为它们位于欧盟之外,因此它们不受GDPR的约束。但事实并非如此。他们也必须遵守。以下是确保您的组织轻松遵守GPDR的一系列事项。
- 列出您正在收集数据的来源;可以在线购物网站、正常支持网站、在线跟踪;网络营销等
- 检查正在收集的数据是否是在用户同意的情况下进行的;这意味着应该有一种方法让用户知道您正在收集数据并解释您收集的所有数据以及原因
- 检查数据库,看看您的客户是否同意收集他们的信息;如果尚未同意,请在他们访问您的网站以获得他们的同意时向他们发送电子邮件或向他们展示在线弹出窗口
- 在邮件或隐私政策弹出窗口中,包含指向详细隐私政策的链接;应正确编写隐私政策,以让普通(非合法)用户知道他们在您的网站上发生的事情
- 您的网站上应该有一个 cookie 同意表或弹出窗口,您可以在其中告诉用户您正在收集他们的信息
上面的列表应该可以帮助您做好准备。您必须仅向欧盟的用户展示它,但向所有人展示它并没有什么坏处。例如,仅当来自欧盟的人访问Blogger上托管的博客时,博客网站才会显示(Blogger)GDPR合规通知。对于WordPress,这里是创建 WordPress GDPR 合规通知的方法(how to create a WordPress GDPR compliance notice)。
警告(WARNING):由于害怕社会工程,建议您在确定它是合法电子邮件之前不要点击任何电子邮件中的链接。如有疑问,请在浏览器地址栏中输入网站URL并导航至(URL)隐私政策(Privacy Policy)。
阅读下一篇(READ NEXT):什么是数字主权?(What is Digital Sovereignty?)
What is GDPR – Summary of GDPR, Compliance and other details
You might have received many emails from differеnt websites saying they updated their privaсy policy. It was due to thе implementation of GDPR. Many websites also used popups to indicate that they were complying with the General Data Protection Regulation of the EU. What is GDPR? This article gives you GDPR summary and methods for compliance.
What is GDPR
What is European Charter of Fundamental Rights?
Before we understand what GDPR is, we need to know that the European Union guarantees same fundamental data protection to all residents of EU – be they be interacting with websites located in the European Union or websites outside of EU.
This comes from European Charter of Fundamental Rights (EUCFR) that has laws regarding many other rights of European citizens – such as a right to education, right to property, right to asylum, right to marriage, among other things (rights). The same charter takes care of data protection of European consumers of the Internet. GDPR is based on the charter’s notion that every citizen has the right to protection of their data.
GDPR is EU General Data Protection Regulation. The R in GDPR also stands for Reforms in some cases as it brings in tweaks to existing laws on data protection to better protect EU citizens. And the EUCFR really means that the protection of data of citizens of EU should be the same across the world. So, if you think that your business is located outside EU and the law doesn’t apply to you, you are wrong. You too have to comply with EU’s GDPR. We will talk about GDPR compliance in a while.
The GDPR was adopted in EU Parliament with a good majority in May 2016. This was supposed to be implemented by May 25, 2018. That means webmasters and online business owners were given two years to comply with the GDPR. That was when they started rolling out emails and popups saying their privacy policies were updated.
GDPR Summary
According to EU Charter of Fundamental Rights, Directive 2016/680, the GDPR can be summed up as follows:
The directive (GDPR) protects (EU) citizens’ fundamental right to data protection whenever personal data is used by criminal law enforcement authorities. It will in particular ensure that the personal data of victims, witnesses, and suspects of crime are duly protected and will facilitate cross-border cooperation in the fight against crime and terrorism
For more information on how the GDPR aims to fight crime and terrorism, read this PDF
The summary of GDPR is that the different sets of directives relating to data protection and data theft in EU have been arranged into one act to protect the overall interest of the users. This has two major clauses. The websites have to inform the users what all data they are storing. If the user wants his data to be removed (if the user opts out), the websites should cease from collecting any data about that user. This applies to online services (websites) all over the planet and not just the ones in the European Union.
GDPR Compliance – Is your organization ready for it?
To make sure that the GDPR is implemented properly, an independent EU body called European Data Protection Supervisor has been formed. This body takes cares of any violations and deals with both the webmasters and the criminal investigating agencies.
As said earlier, many organizations think they are based out of the EU, so they are exempt from the GDPR. But it is not so. They too have to comply. Here is a list of things to do to make sure your organization is readily complying GPDR.
- Make a list of sources from you are collecting data; it could online shopping sites, normal support sites, online tracking; online marketing, etc
- Check to see if the data being collected is being done so with the consent of the users; that means there should be a way to let users know that you are collecting data and explain what all data you collect and why
- Check the database and see if your customers have consented to the collection of their information; if not consented already, send them an email or present them with an online popup when they go to your site for obtaining their consent
- In the mail or privacy policy popup, include a link to detailed privacy policy; the privacy policy should be written properly to let the average (non-legal) users know what is happening when they are on your site
- There should be a cookie consent form or popup on your website where you tell users that you are collecting their information
The above list should help you get ready. You have to display it to users only in EU, but there is no harm in displaying it to everyone. For example, blogger sites show the GDPR compliance notice only if a person from EU accesses the blogs hosted on Blogger. For WordPress, here is how to create a WordPress GDPR compliance notice.
WARNING: Due to fear of social engineering, it is advised that you do not click links in any email until you are sure that it is a legitimate email. If in doubt, type the website URL in the browser address bar and navigate to Privacy Policy.
READ NEXT: What is Digital Sovereignty?