How to Make Your WordPress Site GDPR Compliant

The General Data Protection Regulation (GDPR), arguably the most significant change to data privacy law to date, comes into effect on 25 May 2018.

Replacing the patchwork of national laws built on the 1995 Data Protection Directive with a single regulation, GDPR gives individuals in the European Union far stronger control over how their personal data is tracked, collected, used and stored online.

Although GDPR applies primarily to organizations established in the EU, it also reaches website owners and developers outside the EU who offer goods or services to people in the EU or monitor their behavior, which includes tracking, collecting or storing any kind of personal data about them.


WordPress, meanwhile, holds over 60% of the CMS market and powers over 30% of all websites, so a huge number of sites will be affected by GDPR. If you run a WordPress-powered website that collects or monitors any kind of personal data from people in the European Union, it is time to get it ready for GDPR.

This post walks through what that involves, but first a brief look at the Data Subject Rights that GDPR gives users.

An individual’s rights under GDPR

Apart from its extra-territorial reach, GDPR strengthens or introduces the following data subject rights, giving individuals far more control over the collection and use of their personal data:

  • Right to be informed. An individual must be told, at the point of collection and in clear language, who is collecting their personal data, why, on what legal basis, for how long it will be kept and with whom it will be shared; this is what a privacy notice is for.
  • Right to access. Every user can ask for confirmation that their personal data is being processed and obtain a copy of it, free of charge and normally within one month, in a commonly used electronic form when the request is made electronically.
  • Right to Rectification. Users can have inaccurate personal data corrected and incomplete data completed.
  • Right to Erasure. Also known as the right to be forgotten, this allows individuals to have their personal data deleted, for example when it is no longer needed for the purpose it was collected for or when they withdraw consent, subject to exceptions such as data that must be retained to meet a legal obligation.
  • Right to Restrict Processing. In certain circumstances, for example while the accuracy of the data is being contested, users can require that their data is stored but not otherwise processed.
  • Right to Data Portability. Users can receive the personal data they provided in a structured, commonly used, machine-readable format and reuse it or transmit it to another service.
  • Right to Object. An individual can object at any time to the use of their personal data for direct marketing, and that objection must always be honored; objections to other processing, such as processing based on legitimate interests, must be honored unless the website owner can show compelling legitimate grounds that override the individual's interests.
  • Right to be informed about Data Breaches. When a breach is likely to result in a high risk to individuals, the website owner must notify the affected users without undue delay; separately, the supervisory authority must be notified within 72 hours of the owner becoming aware of the breach.
  • Rights related to Automated Decision Making. Individuals have the right not to be subject to a decision based solely on automated processing, including profiling, where that decision has legal or similarly significant effects on them.

What information will GDPR apply to?

GDPR applies to any information that can be used to identify a living person, directly or indirectly. The regulation widens the definition of personal data considerably to strengthen users' rights over the collection, storage and use of their data online, so even details that may seem minor, such as an IP address or a cookie identifier, now count as personal data.

Data considered personal under GDPR includes:

  • Name
  • Photo
  • Mobile number
  • Email address
  • Physical address
  • Location data
  • IP address
  • Social security number
  • Profiling, sales and analytics data
  • Online behavior (cookies and similar identifiers)

Furthermore, the new law also applies to sensitive…