Businesses, large and small, are in the midst of preparing for compliance with the European Union’s new data privacy laws: the overall Data Protection Regulation, or the GDPR, which can have got into effect on May 25, 2018.
The GDPR is extremely broad in scope and can apply to businesses both in and outside of the EU. Businesses that don’t suit the GDPR could face heavy fines.
Here’s what you would like to understand about the GDPR. (Note: you must consult your legal counsel to determine if you’re subject to the requirements of the GDPR.)
WHAT IS GDPR?
GDPR is short for the overall Data Protection Regulation that has gone into effect on May 25, 2018. it had been passed by the European lawmakers to create a harmonized data privacy law across all the EU member states. Its purpose is to:
Support privacy as a fundamental human right;
Require companies that handle personal data to be in charge of managing that data appropriately, and provide individuals rights over how their data is processed or otherwise used.
WHAT IS PERSONAL DATA?
In short, GDPR defines personal data as “any information concerning an identified or identifiable natural person.”
Okay, so what does that mean?
In addition to the types of information you would possibly consider – name, address, email address, financial information, contact information, identification numbers, etc., personal data can in some cases be information associated with your digital life, like an IP address, geolocation, browsing history, cookies, or other digital identifiers.
It also indicates could information about a person, including their physical, mental, social, economic or cultural identities.
In short, if the information is often traced back to or related to how to an identifiable person, it’s highly likely to be personal data. you’ll be able to determine more about the GDPR here.
WHAT RIGHTS DOES THE GDPR PROVIDE TO INDIVIDUALS?
There are several rights an individual may exercise under the GDPR, including:
Right of access: Individuals can ask for a duplicate of the personal data retained about them and an explanation of how it’s getting used
Right to rectification: Individuals have the right to correct, revise or remove any of the personal data retained about them at any time
Right to be forgotten: Individuals can ask to delete their data
Right to restrict processing: If an individual believes, for instance, that their data is inaccurate or collected unlawfully, the individual may request limited use of their data
Right of portability: Individuals have the right to receive their data in a structured, commonly used and machine-readable format
Right to object: Where a private decides that they not wish to permit their data to be included in analytics or to receive marketing emails or other personalized (targeted) marketing content at any time, the individual may cop-out of use of their data for these purposes
Please note that these rights aren’t absolute, and limitations/exceptions may apply in some cases.
HOW DOES THE GDPR AFFECT YOUR BUSINESS?
Individuals, companies, or businesses that have a presence in the EU or, if no presence, offer goods or services to, or monitor the behavior of, individuals in the EU got to comply with this law. Please consult your legal counsel about whether GDPR applies to you and your business.
What do you need to do differently to comply with GDPR?
If the GDPR applies to you, there are various obligations you’ll get to comply with to continue doing business with your customers from the EU. Luckily, not all of these obligations are new, so you must be complying with some of them already.
The most important differences in this context are as follows:
- More information about your use of personal data must be communicated to your customers. you must confirm that your privacy notices/policies are updated to reflect the new requirements of the GDPR, including setting out the needs of your processing personal data, how long you’re retaining such data, and what legal basis to be used of personal data are you relying on.
- You should determine the legal basis for your use of personal data: If you’re counting on consent to use your customers’ data you must make sure that the consent you have meets the new requirements of the GDPR (more details on this below). Please note that sending marketing emails or showing promotional content in any form to your customers may require, in certain circumstances, prior opt-in consent from them. As a reminder, you have already agreed through acceptance of our terms of service to lawfully obtain and process all personal data appropriately and have attested that you have permission to show your customers to promotional content.
- You will also get to comply with the rights provided to individuals by the GDPR. See section above “What rights does the GDPR provide to individuals?” for details.
To the extent that you have these obligations, we’ve tools in place to assist support your compliance efforts – we’ll get into some detail about this below. These include methods for you to get consent on your website for all visitors and to point out promotional content to your existing customers, also as ways for you to verify and document consent for new ones, too.
You should consult your legal counsel on the above and your other obligations under GDPR.
WHAT KIND OF CONSENT IS REQUIRED UNDER THE GDPR?
When unsure, and you’re depending on consent to promote to your customers, express consent is usually your most suitable choice. You obtain and document express consent once you explicitly ask your potential customers for permission to send them emails and other marketing content, and they agree, and that agreement is recorded. BigRock has ways for you to point whether you have obtained express or implied consent from a customer, outlined in additional detail below.
There could also be circumstances where you’ll rely on something similar to implied consent for sending emails or promotional content to customers even when subject to the GDPR. this is often called a “soft opt-in” where –
you have obtained their contact details in the context of a sale of a product or service,
you are sending emails and showing personalized ads concerning similar products or services
the customer has the power to opt-out of receiving such emails once they first provided their data when making a purchase and in every subsequent communication sent from you.
You should consult your legal counsel to determine whether you’ll be able to rely on the soft opt-in going forward under the GDPR. If you have customers with soft opt-in consent, you’ll store them as implied consent, but you’ll need to maintain your documentation about how you obtained that soft opt-in consent.
Your customers should also be given a simple way to withdraw their consent to comply with the GDPR.
HOW IS BIGROCK COMPLYING WITH GDPR?
There aren’t any alternatives available; all businesses are required to manage this change before the said deadline. we’ve and will always strive to value your privacy and take seriously our obligations to keep the data provided by you confidential and secure. Mentioned below is a list of changes we’ve made as first steps:
- We will provide you with detailed information about what personal data we collect from you, how we collect it, what we do with it, and whom we share your data with, including advertisers and other third parties (such as vendors we work with to support the services we offer to you)
- You will now have more control over what data you share with us, how your data is shared, and the extent to which you want your data to be used. This involves scenarios where we identify your interests and deliver you personalized advertisements, or take efforts to higher tailor your experience on our website (Eg.: collecting and acting upon actionable data obtained with the assistance of cookies, Google Analytics, etc.)
- We will include information about how you’ll ask us to prevent or limit using the information we’ve about you
- We will ensure we communicate these changes to you as and once they take place, so you’re aware of what’s happening and why
WHAT’S ARE THE NEXT STEPS FOR BIGROCK:
1. PRIVACY STATEMENT
The European data protection authorities have expressed concern over the unlimited publication of private data of domain name registrants in the WHOIS. to make sure our WHOIS output is compliant with the GDPR, we’ve implemented the subsequent changes since May 25th, 2018:
- For Existing Domain Names:
For all existing domain names, if either of the Registrant, Admin, Tech and/or Billing contacts are identified as being from the EU, we’ll mask the WHOIS output for that domain name with placeholder details in place of the users’ personal information (this service is going to be stated as “GDPR WHOIS Protection”)
Our engineering team is currently functioning on building these changes into the system. While we do this, to enable our API partners to plan, we’ll aim to share the ultimate API specification with sample requests and response patterns as soon as they’re ready. Also, we’ll confirm when the new API methods are going to be available in the demo environment.
Notwithstanding the foregoing, access to personal data of domain name registrants could also be granted when such access is important for technical reasons like for the facilitation of transfers, or law enforcement when it’s legally entitled to such access.
3. COOKIE CONSENT
When you visit the BigRock website, the webserver passes on a cookie i.e., a string of text, to the web browser. These cookies enable our website to figure or work more efficiently, also as provide information and extra services. Cookies are used for purposes of promoting, analytics or are essential for site functionality and making experiences better. to make sure that we capture and record the suitable consents for cookies deployed on our website, we’ll be using TrustArc, a globally trusted third-party compliance management tool. This way, you’ll be able to select and manage your cookie preferences. Generally, cookies may fall into any of the following categories*:
- Strictly necessary/required cookies: These cookies are required to enable core site functionalities. If you select to block these cookies, you’ll not be able to register, log in to the website, access certain parts of the website or fill up the use of the website.
- Functional cookies: additionally to core functionalities, these cookies collect and store login details, and can be opted out of
- Analytics cookies: These cookies analyze site usage by monitoring how users navigate through the web site and may be opted out of
- Advertising cookies: These cookies make users’ information available for targeted advertising, and can be opted out of
*The cookie definitions stated above are following how TrustArc (our cookie consent tool) identifies and segregates cookies.