GDPR - personal data protection in the EU
On 25 May 2018, the GDPR regulation on personal data protection in the European Union comes into force. It will affect everyone who receives, collects and processes personal data of individuals in the EU.
Each operator is obliged to implement appropriate technical and organisational measures when processing personal data, in order to meet the GDPR's requirements and protect the rights of the individuals concerned. Encryption is considered one of the possible measures to protect sensitive data.
Personal data may be processed if you have consent to the processing of that personal data for one or more specified purposes, or if the processing is necessary to fulfil the contract with the person concerned. The person concerned must be informed of the manner and extent of the processing of their data, and the data may be further processed only for the purpose for which it was obtained.
ClickEshop has a new platform to align with European legislation on data protection. Data is stored in systems with high security and stability. Projects are run in a secured data center with the latest technologies and stored in encrypted form.
As a project administrator, you will face some obligations to ensure compliance with the GDPR. These are, in particular, the following:
- modify business conditions - inform customers about the data you are processing, the purpose of its processing and where it is used. Name the specific companies that process data for order execution
- delete a client on the client's request - remove the customer from the registered customers
- secure the page with an SSL certificate - if your page uses customer login or collects data about clients (e.g. registration, newsletter, etc.), it is necessary to secure the page with an SSL certificate, which ensures secure encrypted data transfer between the user and the page
- carefully guard your access data to the system and secure it from unauthorized use
- do not provide customer data to third parties unless the user has given consent
You can order an SSL certificate as an additional service from the price list: https://clickeshop.com/webshop/price-list-a-features/m739
In the case of "privacy breaches" that lead to the loss, alteration, destruction or unauthorized use of personal data, the operator is obliged to notify the relevant supervisory authority without undue delay. The operator should make the notification within 72 hours at the latest.
Keep in mind that personal data protection also applies to data that you have stored elsewhere outside of the internet store, e.g. in email, inbox, computer documents, Google Analytics, etc.