Key GDPR Concepts for Organizations to Comply for Better Transparency in Business Transactions

First GDPR Concept Is about the Right to be Forgotten

  • Design a data inventory to know where the personal data of its customers reside
  • Determine if the data erasure requests can be performed or if exemptions are required and if so, the reasons
  • Design a data erasure request process
  • Provide training for personnel to handle data erasure requests

Second Concept Talks about Obtaining Valid Consent

  • Consent needed for every specific purpose
  • To deliver on either a current project or before entering into another
  • Due to legal obligation
  • To protect the interests of the all the customers

GDPR focuses on transparency and some points to be kept in mind are as follows:

  • Consent must be free and not to be clubbed with terms and conditions. The consent should not be a condition signing up for a service until it is precisely so.
  • Consent must be used only for the specified purpose and must be easy to understand with no hidden contradictions.
  • Consent must be segregated by type such as for advertising or analytics and not all inclusive.
  • The user should have the option of opting in and it should not be compulsory as in pre-checked boxes.
  • Companies have to retain all materials regarding the consent as a proof.
  • Users should have the option to be able to easily withdraw from the consent

Third Concept Is of Access to Data or Portability of Data

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
CloudCodes Software

CloudCodes Software

CloudCodes is a cloud security solution provider founded in 2011. We focus on providing cloud security solutions to enterprise customers through its SSO.