
Joris De Groot
Any website that collects data from its visitors will have to be in full compliance with the new General Data Protection Regulation (GDPR), or 'Algemene Verordening Gegevensbescherming' (AVG) in Dutch, from the end of May 2018. This is quite a mouthful, but what exactly does the term mean, and what does the new regulation entail? We will provide a word of explanation, because you will have to follow the rules anyway in order to avoid potential fines (up to 20 million euros or 4% of the annual worldwide turnover!).
GDPR is actually the successor to the Data Protection Directive, which dates back to 1995. More than 20 years ago, the European Union adopted a set of rules on the protection of individuals' online data, but given the rapid developments in Internet technology over the last two decades, an update was urgently needed. With all these new technologies and elements such as the cloud and social media, personal data is now at the centre of attention and its protection must also be guaranteed.
According to the new GDPR legislation, data protection must be 'ingrained' in the design of business processes. By default, all privacy settings must be strict. Organisations must therefore be able to demonstrate that they have taken appropriate technical and operational measures to adequately protect all personal data they store and process, depending on the risk involved. This includes issues such as access control, anonymisation and pseudonymisation, encryption, risk analysis and so on.
In summary, the GDPR legislation means the following:
The new GDPR legislation has far-reaching implications for any kind of data collection, as you already know. But what do these rules look like in concrete terms? We would like to list a few practical examples:
As a web agency that always attaches great importance to security, it is our duty to help our customers to be in line with GDPR. Indeed, failure to comply with GDPR rules results in high fines being imposed on website owners, but Calibrate, as a web agency, can also be held responsible for this. Our intention, therefore, is to implement the new GDPR legislation correctly, together with our customers, so that any chance of fines being imposed is ruled out.
You see, the new GDPR legislation is not just a small change to the rules, and will require a lot of adjustments for some websites. One thing is certain: not following these changes is not an option. After all, if any irregularities are found after 25 May 2018, serious fines can be imposed. The maximum fine could be up to EUR 20 million or 4% of the annual worldwide turnover, whichever is higher.
For more information read our other articles: GDPR for marketers in 6 steps and your cookie policy in line with GDPR thanks to Google Tag Manager (GTM) + roadmap.