If your business collects any sort of online personal data (and whose doesn’t?), then you’re probably counting the days until May 25, 2018, when the GDPR (General Data Protection Regulation) takes effect.
Although GDPR is an EU regulation which emphasizes that users must give “active consent” to any platform collecting their personal data. Here are a few things to consider when evaluating your business’ collection and use of personal data:
If you plan to store data, use it to target ads, share it with other entities, or just to add a personal touch to the user’s interface, explain so clearly and prominently. The GDPR only considers the collection of necessary information to be lawful, so if you ask for a user’s demographics when all you do is sell shoes, explain why you absolutely need that information or expect legally-backed resistance from informed users.
It is not the responsibility of the individual user to opt-out of data collection. There must be a clear opt-in option in order for you to obtain data–no pre-ticked boxes and no lumping in special conditions with typical terms and conditions. If you intend to use sensitive data like their genetic information, be crystal clear that they are opting-in for that usage.
Specify that users can to opt-out in the future or ask that their data be erased.
Don’t forget that all personal data your business stores is covered by GDPR. Your employees must provide active consent just like any online user. If a data breach compromises their information and you did not obtain their active consent, you will be fined.
If you were compliant under the Data Protection Act you may be able to roll into the GDPR without an overhaul. The GDPR standard for data collection is that it be “specific, granular, clear, prominent, opt-in, properly documented and easily withdrawn.” For a detailed explanation of these qualifications or to ensure your system already complies, visit IP Draught.
If you aren’t GDPR savvy or haven’t fully read the Guide to the GDPR, sending an email to those whose data you already have and adding a website pop-up explanation of your data use policies is a good idea.
Here is an example of a pop-up from Podio.com:
With fines reaching as high as 4% annual revenue or €10-20 million, the GDPR is clearly not messing around. Double-check your permissions with your users to be safe or accept the risk of not doing so.
Asking users for active consent and being transparent in your use of their data builds trust and enhances your reputation. If users feel educated and in control they will want to continue their relationship with you.
Active consent is a positive step for the protection of us all in this digital economy. Show your users you care by obtaining it.
AI in health has been growing for years, helping to spot disease biomarkers and better…
In 2026, digital technology can no longer be classified as a trend. Today, it represents…
Rockefeller Foundation VP for Reimagining Humanitarian Nutrition Security Simon Winter tells the One Health Summit…
NTT Research launched SaltGrain at its Upgrade 2026 conference on Wednesday in San Jose, California.…
NTT Research, the Silicon Valley-based research division of Japanese telecom giant NTT, announced Dr. Tetsuomi…
This piece started from a series of conversations I kept coming back to over the…