By Chaim Sajnovsky, www.b7dev.com manager.
If you have a site that serves users in the EU, is based in the EU, or has EU-based employees, then from May 25th, 2018 you should be GDPR compliant.
But what is this GDPR thing after all?
Basically, it's about your users' privacy rights. If your company is caught using users' details in a non-transparent way, the fines are big. Mostly it is about how to handle personal data.
You should make sure to keep and store data in a secure, encrypted way. If data leaks, your company will be held responsible under EU jurisdiction.
Some basic rules will make this process easier to understand:
1- From now on, you, as the person responsible for the site or app, or the person in charge of keeping the data secured, are defined as the "Data Controller".
2- Anything that can identify a person counts as personal data. This includes name, address, biometric details, DNA, school scores, medical records, etc.
3- The person who can be identified through those details is defined from now on as the "Data Subject".
4- You should legally justify why processing your users' data is a real need. And of course, you need their consent. There are 6 legal grounds so far (https://www.i-scoop.eu/gdpr/legal-grounds-lawful-processing-personal-data).
5- Be ready to REALLY harden the way you keep the data. Any breach will be handled harshly by the EU authorities. And if you do suffer a breach, it is your duty to notify the Information Commissioner's Office (ICO) at the earliest possible moment.
There is a lot more to learn. You can find the new regulation text here (https://gdpr-info.eu), but basically, if you conduct business in the EU with your site, you should get GDPR consulting as soon as possible.