GDPR compliance can be terribly unpleasant, since it involves an incredible amount of information that is spread all over the Internet. Some of that content is confusing and does not contain the details you really need to meet the requirements. A well-crafted GDPR checklist is pure gold because it offers you an umbrella against the announced fines. While complying with the GDPR seems like a lot of work, organizing and structuring this workload can greatly ease the situation. The checklist is the first step in enforcing a new set of rules. After all, you must start somewhere.
Can you get their consent?
Consent is the cornerstone of GDPR compliance. You needed consent before the GDPR, but obtaining it was much easier. Now, in the context of the new rules, obtaining consent is no longer reliable. The GDPR clearly states that if legitimate interests are not affected, the client's "yes" must be obtained explicitly, using simple wording and making clear the reasons for requesting consent. The user must know exactly why their personal data will be used and who will use it.
The presence of a legitimate interest does not amount to consent, since the data obtained cannot be used for purposes other than those implied. After obtaining consent heroically, you must register and protect it, as well as be ready to transfer it upon request.
In simple terms, you should spend some money or time on a new design for your consent request: forget all those pre-ticked check boxes, give users extensive information about their actions, update the conditions and stop hiding them in small print. Agree?
Thanks to this recently improved data protection law, the data subject, that is, any identifiable person, has acquired many interesting rights, hence DSR, which is simply short for data subject rights. All of them are simple and understandable, but, one way or another, we never gave them a thought in the last decade.
Power for people
You need to store and organize all the information you have about your customers. Simply sending them an email with numbers and letters inside will not work. You must provide customers with structured, easy-to-understand information in a single format.
From a compliance point of view, you can expect this to involve some investment in new tools that will provide users with easy access or structure the information they have and simplify the process, optimizing it as far as possible.
Forgotten and Forgiven
Without entering into philosophical discussions about the state of man, people have this right, and you must provide them with the basics. If you receive a removal request, you must carry it out. The difficult part here is the deadline, as the law says that the data controller must act "without undue delay". In plain language, this means fast, but in legal terms, everything is a bit confusing.