On 25 May 2018 comes into force GDPR regulation on personal data protection in European Union. It will effects everyone who receives, collects and processes personal data of individuals in the EU.
Each operator is obliged to implement appropriate technical and organisational measures while personal data processing to meet the GDPR's requirements and protect data individuals' rights. Encryption is considered as one of the possible measures to protect sensitive data.
Personal data may be processed if you have a consent to processing of those personal data for one or more specified purposes or if the processing of personal data is necessary to fulfill the contract with the person concerned. The person concerned must be informed of the way and range of processing his data and the data may be further processed only for the purpose for which they were obtained.
The ClickEshop have a new platform to align with European legislation on data protection. Data are stored in systems with high security and stability. Projects are run in a secured data center with latest technologies and stored in encrypted form.
As a project administrator, you will face some obligations to ensure compliance with the GDPR. This is especially the following:
In the case of "privacy breaches" that lead to their loss, alteration, destruction or unauthorized usage, the operator is obliged to notify the relevant supervisory authority without undue delay. The operator should make the notification within 72 hours at latest.
Keep in mind that presonal data protection also applies to data that you have stored elsewhere outside of the internet store, eg in email, inbox, computer documents, google analytics etc.