25 May 2018
The General Data Protection Regulation (GDPR) came into force on 24 May 2016 and will apply from 25 May 2018.
While there is some confusion as to the exact requirements, we can say that:
- Chirp Internet SRL does not collect, store or trade in personal information;
- For our clients we provide website, hosting and database services allowing them to capture and process information according to their business requirements;
- We take all reasonable steps to ensure the security of our clients' websites and data;
- Our backups use strong encryption and are kept for no longer than 2 years;
- We are prepared to detect, report to our clients and investigate any data breaches that occur;
- We shall provide tools or support to our clients so they can comply with 'data transparency' and 'right to be forgotten' requests.
It is up to each individual client/website to comply with the GDPR in terms of how they receive consent to process personal information.
How does a website comply with GDPR?
The conditions will be different according to your business model, but if you have any relationship with citizens of the EU/EEC you need to:
- Provide clear explanations of what personal information you are recording, the reason, and for how long it will be kept;
- Request and receive consent for any use of their data for purposes not directly related to the initial transaction;
- Explain that they have the right to request a copy of their data, and/or to 'be forgotten', in which case their data will be purged.
If your business is in the EU/EEC you may need to appoint a Data Controller and Data Processor in your organisation to be responsible for compliance and reporting.