The main focus of the General Data Protection Regulation (GDPR) is the protection of personal data and people’s digital privacy. This new legal framework, ordered by the European Union, takes effect on the 25th of May 2018 and we must therefore insure our users’ consent to our policy terms in accordance with its legislation. The law is designed to unify current data protection privacy laws and enhance the rights of citizens to protect their personal information.
The GDPR requires our users to be provided with comprehensive information on how their personal data is going to be processed. Of specific relevance to our application is Article 12 of the GDPR, which states that we need to communicate information about how we plan to process users’ personal data in a way that is:
· Concise
· Transparent
· Intelligible
· Easily accessible
· In clear and plain language
· Free of charge
In compliance with the GDPR, our privacy policy will not only be informative and detailed, but user-friendly, replacing any legalese with clear and concise language that can be understood by the average user. We will make users aware who the data controller is and how they can be contacted. Moreover, we will inform users to what extent they are required to provide us with personal data, and the consequences if they do not. For example, if users do not provide us with an email address, they will not be able to create a user account to log in. One of the most important elements we will tailor to comply with the GDPR is the use of clickwrap to gain clear and undoubted consent before the collection of any personal data.
Written by Ashton Kingdon