The General Data Privacy Regulation (GDPR) is the most important change in data privacy regulation in 20 years. This regulation has been active since May 25, 2018, and companies that do not comply may face heavy fines. Before this regulation took effect, the rules governing the collection and use of personal data were much more relaxed. As a consequence, there were cases in which personal data such as name, address, phone number or other sensitive information was mishandled, easily misappropriated or even sold from one company to another, without the knowledge and consent of the individual. This could have a very serious impact on an individual's private life. One common result was that you could more easily be targeted by marketers, including through intrusive advertising. Other, more serious consequences involved stolen identities. Health providers were (and sometimes still are) a favored target for those who want to misuse personal data. For example, a criminal might file a fraudulent tax return or apply for a credit card using the data leaked from a hospital data breach.
In this context, it was felt that data privacy and protection should be taken more seriously. This applies to all instances when a company is collecting data from individuals, whether that data comes from filling in an offline form or from tracking the activity of a user online or from any other interaction.
Of course, private data can still be collected and used. If you place an online order for a product delivery, the company needs your name, address and contact details in order to fulfill your order. The difference now is that, as a company, you are required to inform all users about how the data will be used and for how long it will be stored. Moreover, users need to be informed about third parties that might have access to that data (like web tracking apps, for example). Individuals also need to give consent for each of these elements separately. It is not allowed to bundle all the uses of data together under one consent. This way, customers have complete control over their personal data.
Here is a really nice and easy-to-understand infographic published by the European Commission: ec.europa.eu/justice/smedataprotect/index_en.htm
This is a question that can be split into two parts:
How do we, TWIPLA, comply with GDPR?
How do you, as a website owner, comply with GDPR?
In short, TWIPLA takes GDPR compliance extremely seriously and has taken all necessary legal measures to make sure the data it collects is handled lawfully and correctly. The purpose of our data collection through web tracking is never to target individuals per se, but rather to give a picture of how groups of individuals behave online. We do not give third parties access for marketing and advertising purposes.
We have specific purposes for processing the data, and those purposes are indicated in our contracts with our Customers and in our Privacy Policy (‘purpose limitation’). Therefore, we only process your data after you have accepted our Data Processing Agreement, agreed to our Terms of Use, and acknowledged our features and services. We have taken active measures to protect data against theft, accidental loss, destruction or damage. We care about the security of our clients' data and that of our clients' clients' data. You have the right and the possibility to restrict access to data and can request that your personal data be modified or deleted.
For a detailed read on our GDPR compliance standards, please see our GDPR compliance overview.
For full information on our GDPR commitment, also visit the 100% GDPR compliance page, which will guide you through everything you need to know about the subject, including easy-to-follow steps on how you, as a website owner, can comply with the GDPR legislation.