When people visit your website, your site (through the visitor's browser) collects some basic information about them. The type of information varies: it might be Google Analytics recording where visitors come from and following them as they click through your website, or it may simply be remembering which pages they visited last time.
Newsletters / Email Blasts
If you're collecting personal data from an EU resident, then you must obtain explicit consent that's specific and unambiguous. In other words, you can't just send unsolicited emails to people who gave you their business card or filled out your website contact form, because they DID NOT opt in to your marketing newsletter.
For consent to be considered explicit, you must require a positive opt-in (i.e. no pre-ticked checkbox) and use clear wording (no legalese). You will now see an "opt-in" option on many forms.
Rights to Data
You must inform individuals where, why, and how their data is processed and stored. An individual has the right to download their personal data, and an individual also has the right to be forgotten, meaning they can ask that their data be deleted.
When you hit Unsubscribe or ask companies to delete your profile, it now has to actually happen.
Organizations must report certain types of data breaches to the relevant authorities within 72 hours, unless the breach is considered harmless and poses no risk to individuals' data. If a breach is high-risk, then the company MUST also inform the impacted individuals right away.
Data Protection Officers
If you are a public company or process large amounts of personal information, then you must appoint a data protection officer. This is not required for small businesses. Consult an attorney if you're in doubt.