By: Jon Avidor
User-Friendly Language and Interface
Personal Privacy Controls
Most companies now include a privacy settings tab that allows users to review what specific personal data the website has collected, review or rectify that data, and approve what data the website may continue to retain or share. These controls also give users a transparent understanding of how the companies will use the data their users provide. Companies have also included step-by-step tutorials and guides on how users can access and review this information. In some instances, such as LinkedIn, any visitor to the site, regardless of whether the visitor has a registered account, has the right to access and control their personal data on the site. Some sites only provide this feature for users accessing their site with registered accounts.
Data Protection Officer
Appointing a data protection officer (DPO) is mandatory under GDPR for public authorities that process personal data, companies that systematically monitor personal data on a large scale, and companies that collect or process sensitive personal data or data regarding criminal convictions and offenses. The appointed DPO (either a designated employee or a hired outside consultant) must possess expert knowledge of data protection law and practices. The DPO is responsible for educating the company and its employees on important compliance requirements, training staff involved in data processing, and conducting routine security audits.
To comply with GDPR, large-scale data processing companies, such as Salesforce and Google, have appointed DPOs who will be the point person for their users' inquiries about the companies' data collection procedures and policies, both as they pertain generally and as they pertain to the individual user.
GDPR Compliance Good-Faith Effort
There is no magic language or magic sauce that a company can use to ensure complete and total compliance with GDPR. There are many complexities and unanswered questions regarding GDPR, making it difficult for companies to guarantee complete and total compliance. By demonstrating good-faith efforts to substantially comply with the requirements of GDPR, companies may be able to mitigate the risk of paying the exorbitant fines for noncompliance.