GDPR - What is it?

 

Firstly, GDPR stands for General Data Protection Regulation.
GDPR is a set of rules laid out to hand control of data to its owner (you). It covers any stored data that a business or service may hold on you. At first this may seem overwhelming and a little worrying, but don't fret, it's not as bad as it sounds.
GDPR will come into effect on 28th May 2018, giving plenty of notice to ensure that everyone conforms to these rules.



Why does my data get stored?


Up until recently we used Google Analytics. This tracks website visitors, which allowed us to understand the audience we were successfully targeting by giving us visual data on the number of website visitors we had received, along with their location, over a period of time.
Every website you visit and create an account on will be storing data, such as your name and email address. Online shopping websites store data so that you can complete your order smoothly and so that your order can reach you. In most instances you agree to have your data stored when you create an account or sign up for newsletters.

 

So what is going to happen?


GDPR demands that all controllers of data (websites and apps) must now encrypt all sensitive information, such as your name, address and telephone number, to protect the owner of the data (you) in case of a data breach (being hacked). Most reputable businesses will already be encrypting your password with one-way encryption, which is why many websites force you to change your password if you have forgotten it: the original cannot be accessed.
Encrypting sensitive user information such as names and email addresses renders the data unreadable to anyone who gains unauthorized access, keeping your data safe. It’s not a bulletproof solution, but it is an excellent positive step in keeping data safe and secure. Combined with other security measures, it makes it exceptionally harder for data to be accessed by unauthorized sources.

 

Data controllers will have to provide data in a common readable format so that the data owner (you) can view all stored data belonging to you that any website or app may hold. Data controllers must destroy all data where requested by the data owner. Data controllers must stop sharing data with 3rd parties where applicable and when requested; the 3rd party is then required to destroy your data.

 

Steps we are taking.


We have already taken steps to ensure that we and our customers will be ready to conform to GDPR. We have recently implemented encryption of sensitive data. This will force sensitive data encryption across all ecommerce websites that are powered by Propane, and will ensure that all future ecommerce websites powered by Propane encrypt sensitive user data by default. This will begin with update version 2.0.1, which will be available for Propane in the very near future.
This update will also include the option to provide the stored data belonging to any customer who requests it.


We can only force so much, and beyond that we will advise our customers of the steps and procedures that they should be taking. We will be providing an in-depth explanation of why GDPR matters to all future customers, and to current customers if requested.
We will absolutely be taking all necessary steps to make it as easy as possible for our customers to conform to GDPR.

 

What if I don't conform?

 

If your data gets breached and a security audit shows that you are not GDPR compliant, you face a potential fine of up to €10 million or two per cent of a firm's global turnover (whichever is greater). Breaches with more serious consequences can attract fines of up to €20 million or four per cent of a firm's global turnover (whichever is greater).

For a solid, in-depth explanation, visit

https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/


October 06 2017 - 8:00:15

Category: Security
