Here, we are not talking about molecules, atoms or even elements, but about your Information Technology legacy and future, and how it will affect your company's data protection policy as a whole. Once upon a time, a certificate was required for websites accepting credit cards and for financial operations. Today, your website may not be secure, and later this year Google will begin to put up a giant red flag that most of your page visitors will see:
Needless to say, this warning will spook many of your visitors (customers, clients, buyers) and they will simply leave your site. The way to fix this is to add what is known as an SSL certificate, which tells the visitor that your site belongs to your business and also encrypts the data they enter (such as their name, email, password and payment information).

We have various solutions for you. The most efficient and straightforward is via https://www.ssl2complyseo.com/, where a video on the front page explains SSL in more detail. However, we will need your control panel details in order to install the SSL certificate, check for any issues and resolve them accordingly. The installation process takes ~15 minutes.

Otherwise, by Spring 2018, many of your site visitors will likely take their business elsewhere and your site traffic will see a significant reduction. This will cause you to lose leads, rank in listings and ultimately money, so please reach out to us as soon as possible. Our team has the knowledge, experience and ability to troubleshoot systems, coding etc., and we have been in the Internet business since 1996.

Now that we control the behaviour of HTTPS for your website, let's get into the subject of GDPR (General Data Protection Regulation), which is the next problem to be taken care of by 25 May 2018. The EU GDPR will increase privacy for individuals and give regulatory authorities greater powers to take action against businesses that breach the new laws.

Note: The regulation also applies to non-EU companies that process personal data of individuals in the EU.

Some "agencies" are presenting GDPR as a burden to companies and also put forward the penalties that the EU has announced (fines of up to 4% of annual turnover or €20 M, whichever is the greater). GDPR will certainly force organizations to take more care over the data they store. We are going to explain what GDPR is in a few steps:

1. Data Protection by Design and by Default
   In addition to the regulations surrounding public notification, Article 25 of GDPR mandates that data protection be implemented "by design and by default". As a result, it is imperative that organizations ensure software applications are secure throughout their lifecycle, with data protection measures designed in from the very beginning.

2. Appoint a Data Protection Officer (DPO)
   Article 37(1) of the GDPR states that a DPO must be appointed if:
   – The relevant data processing activity is carried out by a public authority or body;
   – The core activities of the relevant business involve regular and systematic monitoring of individuals on a large scale; or
   – The core activities of the relevant business involve processing of sensitive personal data, or data relating to criminal convictions and offenses, on a large scale.

3. Track sensitive data and report any breaches
   Organizations that control personal data are required to report personal data breaches that pose a risk to the rights and freedoms of individuals to their supervisory authorities without undue delay and, where feasible, no later than 72 hours after they become aware of the breach.

4. Extended individual rights
   The GDPR provides the following rights for individuals:
   – The right to be informed
   – The right of access
   – The right to rectification
   – The right to erasure
   – The right to restrict processing
   – The right to data portability
   – The right to object
   – Rights in relation to automated decision making and profiling

5. Cross-border data transfers
   The position under the General Data Protection Regulation ("GDPR") relating to international transfers of personal data is similar to the existing regime under the Data Protection Directive (the "Directive"). However, there are a number of important differences that are likely to have key practical implications.

6. Understand international guidelines
   If your organization operates in more than one EU Member State, determine your lead data protection supervisory authority. Not sure where to start? In December 2016, the Article 29 Working Party ("WP29") published its Guidelines for Identifying a Lead Supervisory Authority to help organizations with this determination.

7. Check your systems for minors
   Minors' ages must be checked and legal consent obtained if and where necessary.

8. Ditto for general data processing
   Did you get explicit authorization from your users? Define a privacy policy and get your users to tick a box acknowledging that they agree to it.
As you can see, this is obviously not as exhaustive as you might imagine. We have not been thrifty with the information, and as a matter of fact the EU has issued the full-blown works here:
Documents
– Law: General Data Protection Regulation (EU) 2016/679
– Directive (EU) 2016/680 on the protection of natural persons regarding processing of personal data connected with criminal offences or the execution of criminal penalties, and on the free movement of such data

What can Certified Internet Solutions Group do for you in all this?
  1. Secure your website in order to comply with SSL/Data collection (first part of this article)
  2. Conduct an audit of your IT and, through our partnership with law firms in your country, advise you on how to effectively come to terms with the EU:

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

of 27 April 2016

on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).