On the 25th of May 2018, people on social media jokingly posted “Happy GDPR Day!” But, of course, it was no joke trying to become compliant with the EU’s latest data protection effort, the General Data Protection Regulation (GDPR). The GDPR affects businesses of all sizes anywhere in the world if they process the personal data of people in the EU.
Now, more than a month later, many businesses are still worried about ticking the GDPR boxes. To help you test your knowledge, we’ve devised a mini-quiz to go through some of the main points that the GDPR covers.
Consent is a mainstay of the GDPR, but there are nuances to its use under different circumstances. One of the main requirements of consent under the GDPR is to give users control over how their data is processed.
YES, my organization is in compliance because we have the following in place (where appropriate):
- We give the user a clear, affirmative option to consent to use of their data when marketing to them
- Our consent request is separated from our T&Cs
- We don’t use pre-ticked “I agree to consent” tick boxes
- We are not taking blanket consent for multiple uses of data. Instead, we take consent per use
- Third parties who also need consent for data are clearly identified
- We keep consent receipts (records of who consented, to what, and when) to prove that consent was given
- We allow people to withdraw consent at any time and tell them that they can
- Any services offered to children verify their age and/or take parental consent
No, my organization is not in compliance because:
- The “consent to share” data tick boxes are pre-checked
- We do not allow users to remove consent
- We do not take consent at all
What Should We Do?
Consent may seem like an onerous task, but it’s worthwhile to do right. Consent is (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Susan Morrow. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/E_JSlUAvJIk/