We do not collect any data from site visitors. If anyone signs up on the website it is unsolicited. Those names and emails may be compiled in a database to invite newsletter signups. As of April 2018, there is no and has never been a newsletter created for our organization. Any future newsletter will be created and managed using MailChimp. Anyone who has signed up on the website can ask to have their data removed by emailing email@example.com with “GDPR remove me” in the subject line.
Here is a summary of the GDPR Rules set to take place in May 2018:
- GDPR has a wide reach: It applies to an organization that has any data from any EU resident. This does not mean they are an EU citizen, just an EU resident.
- GDPR widens the definition of what data is PII: Personally Identifiable Information (PII) is expanded under GDPR to include items such as IP address, name, email, phone number, address, online user ID, location data, biometric data, genetic data, economic data, cultural data, and more.
- GDPR tightens rules for gaining consent, which means businesses need to adjust privacy statements and make clear to consumers what type of data they collect and how.
- GDPR has defined a new role within businesses, the Data Protection Officer (DPO), and a new risk management process.
- Common breach notification: GDPR specifies a breach notification of 72 hours (at most), expanding the scope of notification for a business.
- GDPR speaks of the concept of Privacy By Design: This means, all systems moving forward should not only look at the general security tenets of Confidentiality, Integrity and Availability, but should add Privacy when building or modifying systems.
- The right to be forgotten.