Fashion Friends 1 | Page 33

DATA PROTECTION & GDPR

As the nation and the world become more digitized, it has been noticed that many companies hold highly sensitive information and data about customers in order to obtain information about customer behavior.

GDPR, also known as the General Data Protection Regulation, is a new data protection law specifying how customer data should be used and protected. GDPR becomes enforceable on May 25th 2018 and will affect all businesses selling or providing a service to a customer within the EU.

Fashion Friends will need to follow the GDPR requirements as it sells a service to EU citizens.

GDPR has 7 major requirements:

CONSENT

- Terms of consent must be clear; nothing in Fashion Friends' terms and conditions can be written in complex language. Consent must be easy to give and to withdraw at any time.

BREACH NOTIFICATION

- If Fashion Friends were to have a security breach, we must alert our customers to the risks within 72 hours.

RIGHT TO ACCESS

- If any Fashion Friends subscriber requests their data profile, we must be able to provide them with a free electronic copy of it.

RIGHT TO BE FORGOTTEN

- Once the original purpose for the data is no longer relevant, the customer has a right to request the total erasure of their personal information.

DATA PORTABILITY

- This gives Fashion Friends users the right to their own information and the opportunity to reuse it in a different environment.

PRIVACY BY DESIGN

- This requirement means Fashion Friends must design our system with correct security protocols.

DATA PROTECTION OFFICERS

- Once Fashion Friends has more than 250 employees, data protection officers must be employed.