This new European regulation was published in May 2016 and comes into force on May 25, replacing the Organic Law on Data Protection (LOPD). Practically no website is unaffected, whatever its type, from any blog to Facebook itself.
To whom the new data protection law applies
The new law affects practically any entity that operates within the European Union and handles data from its users, whether it is a physical or a digital business. In other words, everyone!
Those affected are:
- Organizations with physical presence in at least one country of the European Union.
- Organizations that store or manage data on residents of the European Union.
- Organizations that use third-party services that store or manage data on residents of the European Union.
This means that if you have any type of form in your contact section, a subscription form for your newsletter, or even a basic form in any corner of your website where an EU user leaves their email address, the law affects you. In fact, even if your website or online store is based in Latin America and receives traffic from Europe, it also affects you. Obviously, if you run an online store that handles your customers' payment data (credit cards), the level of sensitivity is much higher.
Penalties of up to 20 million euros
Yes, exactly as you just read. Failure to comply with these rules carries much harsher penalties than before: fines can reach 20 million euros (the law provides for fines of up to 4% of annual turnover), which dwarfs the maximum sanction of €600,000 under the current law.
News of the RGPD
To give you an idea, the most important novelty is not only that you can no longer work with third-party databases, but also that the definition of personal information is broadened: any data we request that is not directly related to our activity will fall into this category.
In addition, it contemplates greater protection for individuals:
- Right to be informed: we must offer more transparency on how your personal data will be used.
- Right to access: it is necessary to provide access to the data of each user and explain how they are used.
- Right to rectification: any incorrect information must be able to be corrected.
- Right to erasure: the data must be deleted if there is no good reason to keep it.
- Right to restrict processing: the user can allow us to store their data, but not to use it.
- Right to data portability: the user has the right to obtain a copy of their data to use elsewhere.
- Right to object: the user can now object to certain uses of their data so that it is not processed for those purposes.
How it affects an e-commerce business in practice
The new data protection law implies that the following practices can no longer be carried out under any circumstances:
- Sending emails to people who have not actively requested to be on our list.
- Buying lists from third parties or merging lists from different companies.
- Sending automatic emails to recover abandoned carts or announce offers, unless the buyer has given express permission.
- Refusing to provide customers with their personal information when they request it.