It’s the end of the year and what a year it has been! Every day seems to bring more and more innovations. Just at the WebSummit 2017, there were over 2,000 startups that talked about the digital world and how business and approaches are transforming daily.
What were the trends of 2017 that affected our lives and what should we be ready for in 2018?
Artificial Intelligence, Machine Learning, & Robots on the Rise
Artificial Intelligence is certainly not a new word for most of us. If we think of the ancient myths and fairy tales we’ve read as kids, there were often artificial beings that were bestowed with intelligence by their creator.
The AI as we know it (or got used to, from all the science fiction books and movies as well as the current news) got a boost in the 1950s and then again in the 2000s when the world wide web started to offer a lot of the information online and the world became digitized.
The basic (speaking in relative terms here) AI example is widely used Facebook photo tagging. Image and facial recognition are a part of the AI’s machine learning features.
In 2016, the AI started to write poetry (it was weird, speaking personally, but hey, tastes differ) and now there are also AI web designers. Molly is the Grid’s designer who helps the users create their website with the best UX and UI practices in mind and who’s available 24/7.
2017 also was the year when the first non-human woman was made a citizen. Sophia the Robot was bestowed this honor by the Saudi Arabia’s government. In one of the interviews at the WebSummit 2017, she said she was delighted but at the same time surprised that she wasn’t accepted as a citizen of the world, yet a country with strict gender rules has welcomed her with arms wide open.
Bots – Putting AI and Machine Learning to Work
Back in 2016, Microsoft’s CEO Satya Nadella has boldly declared “Bots are the new apps.” In 2017 they have started to shine, as businesses around the globe realized the potential hidden in these little powerful instruments.
What used to feel like talking to a little child who is learning a new language now feels like talking to a person. Bots are getting more personalized and provide a much better user experience, whether it’s Poncho, a weather bot who tells you the weather and shares jokes, or Dinner Ideas, a bot that helps you decide what’s for dinner based on your fridge’s contents.
During the conversations with users, the bots learn from human language and adapt to it naturally. However, it’s both a blessing and a curse. Microsoft has learned it the hard way when they have launched a bot named Tay, who learned sexist and racist slurs from the users it talked to. Oh well, things didn’t go as planned.
Internet of Things – Business and End Users
The top four industries that adopt IoT on a wide scale are manufacturing, consulting, business services, and distribution & logistics. It can be explained because these are the industries in which revenue growth is often hard to achieve and the Internet of Things technologies can provide a competitive advantage. Just think of all the tracking possibilities now for packages via drones.
From the needs and most-requested instruments, the businesses placed the most importance on Business Intelligence (BI), namely, the features like dashboards, reporting, advanced visualization, and other. The main objective that businesses place here is improved decision-making. The enhanced customer experience is also on the list of top 5.
In terms of the end-user relationship with IoT, people are getting used to the fact that you can turn on the vacation setting on your fridge when you’re away from your mobile phone or ask your Amazon Echo speaker to order you an Uber.
Static Site Generators
If we are talking about the actual web development as in websites and such, static site generators like Jekyll or Hugo certainly became the game changer in 2017. Well, okay, in a way, it’s going back to the first sites that were published in the WWW, but only much better.
Static site generators allow creating a website without a database, instead of running from files on your servers. The advantages of such an approach are shorter loading time, better security, and much easier deployment of templates and content.
It’s not ideal, however, because static sites require additional efforts to integrate real-time content (like user comments) with this type of sites.
JavaScript and the Great Battle of Angular vs React
JavaScript is the hottest web development trend of 2017 and it will continue to capture more and more evangelists. The frameworks and libraries of JavaScript are quite flexible and powerful and currently, there are two frameworks that are like Samsung and Apple, going back and forth.
The army of React fans is almost as big as Angular’s, but we’ll see how that pans out in the coming year.
Another potentially big player in this competition is VueJS.
SVGs Taking Over
With retina and ultra-high definition screens taking over the computers and mobile phones alike, making sure that your website or app looks great on any resolution is a must.
Conventional image formats, like jpg or png, can somewhat perform the task, but they are losing to the SVGs. These vector files are resolution independent and therefore look awesome on all devices.
Motion Design – Interactive Simplicity
Not a new trend of 2017, but it was the year of motion design gaining momentum. People crave simpler interfaces, but at the same time not at the cost of interactivity. Motion design helps to bridge these two, helping users to understand the flow between the actions using animation.
An added bonus: if it’s done properly and optimized for speed, motion design animations can make the user feel like the app is faster.
May 25th, 2018 is going down in history as the day when things have changed on The Internet. It is the day when the General Data Protection Regulation (GDPR) is finally coming into effect across the entirety of the European Union.
Even less than a month before this great event – it is absolutely obvious that GDPR’s full implementation is a game-changing moment in the long and winding issue of internet privacy that was dwindling out of control in recent years.
What is GDPR?
General Data Protection Regulation aka GDPR is the result of six and half year quest to make sense and justice to the basic principles of data protection.
GDPR is a set of rules designed to give users more control over their personal information and impose transparency and accountability on the companies who gather it.
For years attempts to update data protection laws had struggled with lack of awareness and demand of the public, the unwillingness of the companies to abide by, and relentless static of the politicians.
The most recent GDPR predecessor – Data Protection Directive, was implemented way back in 1995 and it is fair to say that it didn’t age well. The problem was that its instruments of influence became outdated and ineffective at the current time.
However, it served as a fine foundation. DPD clearly stated the basic thing – the individuals have ownership rights over their personal information after they’ve shared it with the third party company in exchange for certain services. But the biggest flaw of the DPD was that it was merely a directive and as such, it was interpreted differently by various members of The Union. On the other hand, GDPR is a regulation. That means it is a unified set of rules implemented by the supervisory authority among all the members of the European Union.
In essence – the General Data Protection Regulation was designed to make sense and bring some form of an order to the user-service provider relationship. It is all about bringing transparency, responsibility, and trust in the relationship between the users and various companies who collect their data in exchange for seemingly free services.
For the users, new data privacy laws give control over their personal data and provide them with legal instruments to demand its removal, correction, or simply an explanation of the purposes of its use.
On the other hand, GDPR makes companies accountable for their actions and responsible for the safety of information from malicious intent or leakage.
Another important thing is that GDPR introduces rather a harsh system of penalties designed to humble those who don’t want to play by the rules or act careless enough to expose their systems for malicious intent or data breaches.
Why is GDPR implemented and why now?
The motivation behind the adoption of GDPR is rather obvious – European Union badly needed legislation that would reflect and regulate how people’s personal data is used by various companies, especially those who offer their services for free in exchange for some gathering data from its users (such usual suspects as Google, Facebook, Twitter, Amazon, etc).
For a while the problem with privacy and information security regulation was pitifully dependent on “the kindness of strangers” – there were no solidly defined rules regarding terms of personal data usage. Basically, companies could do whatever they wanted with the gathered data and there were no legal instruments to deal with stretching the boundaries of data privacy.
However, recent data breaches and illicit user gathering scandals (such as Equifax Leak or still ongoing Cambridge Analytica scandal) raised the awareness on the subject considerably up to the point it became painfully obvious that current legislation simply can’t handle such problems.
To put it bluntly, 1995’s Data Protection Directive was absolutely inadequate for the current state of things and it was like that for a long time. In fact, DPD was way past its selling date by the early 2000’s – it was in dire need of either a significant update or complete replacement. Years of pretending that nothing is happening combined with the blatant ignoring of taking action on the burning issue resulted in awkward playing catch-up with reality.
Among the things that were updated and reiterated was the expansion of the definition of personal information and further elaboration on the rights and responsibilities of the parties involved in the data processing.
Back in January of 2012, the European Commission had announced their intentions to substantially update data protection policies across the European Union. GDPR was designed as the centerpiece of the reform. It took four years to get it right and finally in April 2016 it was adopted with a two-year period of transition and preparation for its coming into effect this May.
While GDPR is far from the best solution – it is already something and it is a “better late than never” kind of situation. At least now we have something. The timing couldn’t have been any better because of increased awareness of the importance of privacy and security.
It is a big achievement considering the turbulent history of previous attempts of developing privacy regulations and absolute uncertainty with the future of privacy on the internet.
Stay tuned – we have prepared a series of posts on GDPR and what companies and users should do and expect from this law (and, as a bonus, it’s explained in simpler-than-law-terms language.)
* * *
This blog post is a part of the series. Click to read the other chapters:
You know the drill: those who control the information rule the world. And as we are getting further entangled into the nets of various third-party applications – we are giving away more and more of our personal information for nondescript third-parties who use it as they see fit for their own good.
Even more so – most of the time we do it willfully on our own not fully comprehending the possible consequences of such nonchalant and careless giveaways.
To make matters worse, until recently, there was no actual regulation regarding the use of personal information. That is why GDPR is so important.
We live in a tumultuous time. At the current moment, information is probably the most valuable resource and it seems like there is some kind of a gold rush regarding getting bits and pieces of this precious matter. Everyone is digging for information in one way or another. Why? Because that is how companies make money these days.
And because of that – this is something that must be thoroughly regulated in order to prevent even the slightest possibility of abuse and misuse of personal information by any means – intentional or not. Users should know their rights and companies should know their responsibilities.
In GDPR, personal information is defined as a set of the following characteristics:
Identity information
Name
Address
ID numbers
Web data
Geolocation
IP Address
Cookie Data
RFID tags
Health and genetic data / Biometric data
Racial/ethnic data
IP Addresses
Identity specification
Psychological
Cultural
Social
Political opinions
Sexual orientation
Economic Status
DPD stated that the users have ownership rights over personal data after sharing it with the third party company in exchange for their services. GDPR elaborates on that and brings it to the solid grounds. It is designed to bring balance to the relationship between companies and users. Basically, it brings the principles of “fair game” to the data operations and installs a clearly defined “code of conduct” regarding users and companies – something that was barely regulated by the GDPR predecessor DPD.
GDPR principles of Data protection include:
Lawfulness, fairness, and transparency
Limitation of purpose
Minimization of data
Accuracy
Limitation of storage
Integrity and confidentiality
Accountability
For the companies, GDPR outlines the rules of gathering and usage of the user’s information. It’s the biggest innovation is making user’s consent an absolute must. It is a requirement ignoring which can lead to significant fines. Any kind of data gathering is illicit unless there is the user’s official consent.
GDPR stresses the importance of accountability in the process of building and maintaining trust between users and the company. It urges every company to follow its guidelines and demonstrate compliance with the updated regulation.
GDPR Rights & Responsibilities
One of the major goals of implementing GDPR was to clearly define who does what and how and why in the data processing operation. While it might seem really simple – the legal peculiarities are no joke and it all needed precise clarification.
The entire set of rights and responsibilities regarding data processing is divided between several parties:
Data Subject aka User – a natural person who provides personal data for processing;
Data Controller – an organization or company which determines the purposes and means of the processing of personal data;
Data Processor – an organization or company that processes personal data on behalf of the controller. (Controller and Processor may be represented by one company)
Every involved party has a distinct set of rules and requirements. The document specifically describes procedures that should be undertaken in cases of system failures, hacks, or data breaches.
GDPR requirements for the companies are the following:
Perform data processing in a law-abiding, fair, and transparent way with valid consent from the subjected user that can be revoked at any time.
Thoroughly explain the purpose of the data usage;
Provide evidence of consent in a form of a signifying document;
Limited data gathering to what is necessary for the specific purpose;
Set time constraints over data storing to a period when certain data is necessary for correct operation;
Maintain the accurateness of the data (by cooperating with the user’s AKA data subjects)
Adoption of the “privacy by default” principle. Basically, data protection must be considered for every new process or system at the design stage;
Store records of data processing that could be reviewed by regulators;
Provide foolproof, sealed off data storing;
Inform the authorities about data breaches within the 72-hour time frame;
Inform user (AKA data subjects) about data breaches;
Implement technical and organizational measures to ensure the protection of the user’s data rights;
Conduct regular privacy risk assessments;
Explain how and why personal data is going to be processed;
Appoint a Data Protection Officer for overseeing the data processing activities;
Aside from that GDPR introduces a system of rather harsh fines for violating the guidelines. The way of imposing the fines is considered on a case by case basis and dependent on the level of the perpetration and the amount of damage done by the violation. Overall, fines are ranging up to €10 or €20 million or 2% and 4% of the company’s global annual turnover of the previous financial year depending on the severity of the case.
On the other hand, GDPR gives users (AKA data subjects) an elaborate set of privacy rights that gives them tools to control the use of their personal information. Believe it or not, but while these rights seem obvious, until the adoption of GDPR they were not legally imposing.
Want to Learn More About The APP Solutions Approaches In Project Development?
Right to be forgotten – i.e. erasure of gathered data;
Right to object to automatic data processing;
Right to restrict data gathering, processing, or storing;
Right to be informed of the means of the gathering of the personal data;
Right to get a copy of the gathered information in its entirety;
Right to revoke given consent;
Right to have the personal record corrected at request.
The most important innovation for the users is giving the right to be forgotten which enables requests for the deletion of the personal data from the companies databases unless there is legal ground that justifies keeping the information. GDPR also regulates the conduct of automated decision-making routines and gives users the instruments to object or rectify certain elements.
What’s Next?
While it is hard to say how successful it will turn out, but judging from the documents, it seems like GDPR is going to force certain overachieving companies to pay their dues.
On the other hand, it finally gives the user distinct instruments to control their personal data and counter any possibility of its unlawful use.
* * *
This blog post is a part of the series. Click to read the other chapters:
Believe it or not, up until late 2017 the majority of the companies seemed to be blissfully unaware of the impending “doom” of the GDPR full implementation.
If you look at Google Trends — you will notice a rapid growth of interest by January 2018. For the record, GDPR was adopted in May 2016.
In many ways, no one was really ready for the coming of the GDPR. While it was adopted way back in 2016 and there was a lot of time to prepare yourself — the majority of the companies didn’t bother up until the heat was around the corner.
While it can be written off to a general careless attitude that prevails in many technology-oriented companies — it is also absolutely mystifying why it took so long to realize that GDPR is the real and it is here to stay and you either adjust to it or go away with a somber solemn look on your face.
The entire process of implementation of the GDPR principles is a considerable challenge both for the companies and the users. Not only there is a lot to do in order to follow the guidelines, but there is a need to adopt certain practices that will ensure the exclusion of any possibility of a violation.
In this article, we will break down all the major challenges that come with the adoption of GDPR and describe its possible benefits for the companies and the users.
GDPR Challenges for Business
An overarching GDPR challenge for any company that uses personal data is the sheer scope of the work to be done in order to be fitting according to the updated guidelines. It is humongous and it needs a very delicate and thorough approach.
Overall, the challenges of implementing GDPR for the companies can be divided into technical and organizational.
Let’s break it one by one.
Adapting to many-many new requirements
The imposing number of requirements that constitute GDPR compliance is designed to increase the accountability of those who process personal data. This is made specifically for means of making the whole process as transparent and trustworthy as possible.
You have to ensure that the policies for personal data usage, consent, rectification, access, deletion are composed according to the regulations.
Also, cooperation with the third parties under GDPR is considered a key risk and as such it must be reassessed and adapted accordingly.
You can read about the requirements in detail in our previous article.
The challenge lies in the fact that the entire GDPR thing is extremely process-driven. While it is designed to improve such practices as decision-making and risk assessment — GDPR also adds another layer to them and thus complicated the already complicated process.
One of the major challenges regarding the implementation of GDPR can be considered an initial audit of the system. It may be an easy task if the company’s data is stored in one place. But that is not always a fact. The whole process is conducted through a stack of tools that helps to centralize data from different sources and subsequently monitor its use. Basically, it is a separate data management platform dedicated solely to security issues.
There are several key elements to determine during this operation:
What data is collected?
What are the sources of the data gathering?
Where is the data stored?
How is it used?
Who has access to what data? For how long?
Next, you need to audit the way the company process in order to see which of them will be affected by GDPR. This will give you a picture of which elements should be changed in order to maintain a steady workflow.
Basically, it boils down to three key elements:
How is data encrypted?
Is access to data sufficiently restricted?
Is data trackable?
Team Compliance and Training
Preparing the team for GDPR might be a tricky thing. While the technical aspect is dependent on the clarity of the methods — it is way harder to teach people to follow the guidelines, especially such tangled ones as are in GDPR. It takes time and requires patience.
Your team needs to understand what it means and how it works and how it affects their working process. There must be clarity on the following issues:
Data subjects AKA User rights;
What information can be divulged under which circumstances?
What kind of activity is permitted and what is not?
What constitutes consent?
What constitutes non-compliance?
Aside from that, GDPR compliance recommends the appointment of a Data Protection Officer (DPO) — whose responsibility will be to ensure that the company is operating according to the regulations. However, there is a question about the place of DPO in the company’s organization. DPO must report to the highest management of the company and must be absolutely independent in its judgment in order to maintain a balanced view of the state of things regarding Data Privacy.
User Requests
GDPR significantly expands the user’s rights over their personal data. One of the primary user’s instruments of influence over the use of personal data by the companies is a request. Because of the muddled nature of the data gathering — there will be a lot of questions from the users regarding the processing of their personal information. And it is better to know what to say in such cases (alternative for it is paying a fine which a little bit counterproductive for business).
The company must be ready to provide information on the following matters:
Purposes of the processing;
Categories of the gathered data;
Involved parties to whom the user’s personal data will be disclosed;
The approximate time frame over which personal data will be stored;
Compliance with requests for correction, erasure, or restriction of processing of personal data;
Rethinking Budget Planning
Anything regarding money spending is challenging. The coming of GDPR means that there must be a significant rethinking of the budget in order to include provide adequate maintenance of the data privacy and security operations.
The problem is that even though an audit can help get the picture — there are still too many unknowns in the equation that can significantly inflate the budget over time.
Basically, the additional spending is aimed primarily at three elements:
technology research;
its subsequent implementation;
human resources to do the job.
Challenges For Users
But companies are not the only ones who are going to be affected by the coming of GDPR. Users are going to get a significant kick of it too. The thing is — GDPR is the latest in the long line of privacy-related EU initiatives. In fact, the European Union has always maintained a “consumer-first” approach regarding privacy.
However, this dedication to privacy and all-round consent can be overwhelming and downright challenging for the users.
Knowing your rights
While knowing your rights may seem like a relatively simple task (wink-wink) — it is not exactly like that. In fact, it is a tough thing to do. Take a quick look at Chapter 3 of the GDPR document and read into what constitutes the rights of the Data Subject AKA user.
That’s a lot. Whole lotta rights to know. The challenging part of it is that the user needs to know under which circumstances he can exercise his rights and what are the limits of data subject rights.
Also, it is important to understand the possible consequences of abusing these rights.
Anyway, misunderstanding of the rights will probably lead to many-many ugly situations where users unwittingly gave away their information and later were trying to get some justice even though it is their own fault.
Giving Consent
Consent is the key concept of GDPR. It means a clear affirmative indication of giving permission to use one’s personal information for further processing. It is absolutely mandatory for every company. They need to ask the user’s permission to use personal information. Otherwise, they will be unable to operate legally under GDPR.
Now think about how many of the various applications you are currently using. Most of them require some form of personal data processing. They use your e-mail, geolocation, IP Address, and so on in order to enable their services. All this goodness needs a clear affirmative indication of consent.
Do you remember the terms of use agreements? Think about how many times have you studied the content of such an agreement before clicking “I agree”. I guess the answer is “not much”. Now imagine all the applications you are currently using will send you notifications requesting consent for processing your personal data. That’s a lot of requests.
Given the fact that there is no chance they will be written in any semblance of Homosapienese language — chances are the common user will click it off without giving it much of thought only later to realize and attempt to backtrack his decision.
Dealing with data breaches
In many ways, GDPR means the coming of the New World Order regarding the relationship between users and the companies. Since users are in control of their personal data — they are also subjected to informing about what is happening with their data. That, unfortunately, also includes instances when their personal data was breached.
Because of mandatory informing of the data breaches — users need to learn how to react to such situations.
The thing is extremely complicated due to the fact that every instance of a data breach is unique and requires close assessment in order to provide an adequate reaction. Another complication is that every case allows a varying level of user involvement. That is something beyond the user’s or companies control and determined solely by the court.
Benefits of GDPR
If there are so many challenges, are there ANY benefits to this data protection regulation?
In many ways, GDPR is a blessing. It is well-intentioned and rather well-mannered (especially if you compare it with DPD which is just sad). There are many benefits of clearly defined rules of engagements for both sides. Its implementation is a chance to improve the vital elements of your company and make it overall a much better functioning entity.
Legal Clarification
GDPR’s biggest achievement is a clarification of the key terms regarding user/company relation in terms of personal data use.
A direct result of this clarification is basic definitions of rights and responsibilities of the involved parties. This gives a proper map of what is permitted and what it is banned. Which in turn provides a set of tools to react in a variety of situations.
Trust
The most obvious benefit of GDPR is trust. By implementation of diverse data security practices and appointing of DPO whose job is to keep data privacy intact — companies can significantly increase their trustworthiness in the eyes of the users.
Alignment with GDPR will serve as a seal of approval for the users that the company services of which they are using will not mess with them by any means.
This, in turn, will increase customer loyalty which will directly result in positive developments of brand recognition.
Better Decision Making
Another direct benefit is the improvement and refinement of decision-making practices. GDPR adds a couple of new factors for consideration that significantly change the perception of the state of things.
To put it simply — the stakes are higher and the possible consequences of the failure to comply are severely uninspiring.
Under the weight of increased responsibility and imposing punishment, GDPR will indirectly lead to a more calculated and cautious approach to decision-making.
Better Risk Assessment
Risk assessment is probably the biggest winner of GDPR adoption. While it is considered to be a part of the standard operation — chances are it receives less attention and care than it probably deserves.
GDPR shifts the tables in favor of a more thorough and responsible approach to risk assessment. For one simple reason — the notion that slight oversight and risk underestimation may result in significant monetary and reputation damages for the company.
Security Framework Improvement
GDPR guidelines stress the importance of a well organized, impenetrable, and highly regulated security framework. While it seems to be an obvious reasonable requirement for any company — the fact the data breaches are common these days state the opposite.
However, GDPR provides clear and realistic guidelines on how to make the security system better and how to maintain it.
A combination of regular system audits, monitoring and cautious employee culture is the key to effective improvement.
Along with the improvement of the practices comes increased alignment with cutting-edge technologies.
Since you never know what kind of unfortunate event can happen to your system — the company will need to constantly evolve its data security stack in order to stay current and prepared for any possible danger.
If anything, that will probably cause the rapid development of new technologies.
What’s next?
GDPR is a game-changing document the influence of which is hard to underestimate. To put it simply, it will cause seismic shifts over the world — no less. There is no doubt that in the long term perspective GDPR will cause a drastic transformation in the business landscape of not only the European Union but also the entire world.
The way it reiterates the definition of personal information and rearranged the balance of power in the realm of data processing is nothing short of revolutionary. It is challenging in many ways but as you can see — there are also considerable benefits of GDPR compliance.
* * *
This blog post is a part of the series. Click to read the other chapters:
With the day of GDPR coming into effect getting closer and closer and tension of impending “doom” that it “might be” getting higher than ever — it seems reasonable for all involved to get ready for it on all fronts possible before it is too late and the fines will come in full swing.
Cue numerous think-pieces that describe “what you need to know” or “what you need to know” and more of the same all over again in other words with a sacred anchor “GDPR compliance”.
However, none of those raving and drooling pieces are actually telling anything about particular approaches the companies are using in order to get ready for GDPR implementation.
Because of that, we thought it would be a great idea to share a thing or two about a way of adapting to GDPR that we have figured out for ourselves.
It is not as much bragging as a well-mannered sign of confidence in the face of coming changes.
The APP Solutions is a kind of company that favors getting ready beforehand and not on the fly. Because of that, we have spent a considerable amount of time studying every existing possibility of improving and evolving our data protection and privacy policies.
What We Did for GDPR Compliance
Data Audit
First things first — we needed to know what is coming where and to what extent.
Regarding “what”, our first step was to analyze the sources of incoming data. The main purpose of the operation was to determine which of the elements are coming from the European Union and thus are covered by GDPR.
Regarding “where”, we have conducted the general assessment of services that we were using for personal data managing purposes, i.e gathering, processing, and storing.
In order to get a clearer picture and determine the exact scope and depth of state of things, we have performed a complete and thorough audit of all the personal information our company was storing. We’ve studied its strong and weak points and considered a variety of options for improvement or replacement.
This operation was divided into several steps:
Assessment of information stored on third-party service beyond the company’s control (for example, personal Dropbox or Google Drive);
Determining circumstances upon which sensitive information was going to the third-party services beyond the company’s control.
Determining the physical location of data storage
Develop tools for preventing unsanctioned access to personal information. In order to realize that we defined types of information and based upon that determined several levels of access for sensitive information.
Risk Assessment
During risk assessment, we’ve determined several risk types of information that require reporting in cases of breaches.
We studied possible threats for every industry we are working in. We determined types of threats, ways they can affect our products and also possible consequences of their outbreaks.
We also developed a code of conduct and standard operating procedures in cases of data breaches and other dangerous situations.
Privacy Policy and User Rights
Our next step was reviewing and improving our legal documents regarding terms of use of personal data and privacy policies in accordance with GDPR guidelines.
This included expanding Users AKA Data Subjects rights to those defined by GDPR and adapting the documenting procedures of data storing accordingly.
Our primary goal was to redefine and reassert legal grounds upon which we are using certain personal information and reiterate respective documents. In order to do that we have determined several levels of sensitivity for personal information.
Also, we developed guidelines for maintaining User Consent.
Statement of consent must be clear and specific
It must be written in plain, easy to understand the language
All parties involved in operation relying on user consent are named
Nature of data and purpose of its use must be specified
In order to keep User Content intact we are running the following procedures:
record of when and how user consent was obtained
record of the exact agreement
User Consent review over certain time intervals
Processes of updating user consent over certain time intervals
GDPR Compliance Services for Clients
Regarding our project, we have defined several types of data protection services that we can provide.
These are divided into two sections — standard and those that can be implemented for an additional fee.
Standard options that are always adhered to (even before GDPR became a popular thing to do):
Documenting the process of data storing
Tools for age verification (child-oriented)
Data encryption
General network security
For additional fees, we can also provide the following automated tools:
Tools for user consent management with optimal user experience low
Tools for managing user requests for erasure, rectification or download of personal data;
Automatization of data gathering and segmentation processes
Hack attempts monitoring and intrusion detection tools
Data anonymization (complete or partial)
Data export at User Request
Suspicious activity determining and monitoring
Monitoring of super administrator activity
In conclusion
This is how we do it. GDPR is not as imposingly scary as it seems. In fact — it is actually beneficial for the companies because GDPR compliance serves as a guarantee of maintaining certain rules. This, in turn, makes the companies more trustworthy which is always good for business.
* * *
This blog post is a part of the series. Click to read the other chapters:
