美国GDPR符合性的5个步骤.S. Businesses

美国的几个组织.S. 全世界都在为欧盟(EU)一般数据保护条例(GDPR)的实施做准备。. 不管博乐斗地主苹果版下载官方网站基于哪里, 如果您向欧盟公民和组织提供产品或服务，该规定将影响您. 你们的不合规造成了高达4%的全球年营业额或2000万欧元的严重损失, 哪个更大, 名声受损.

你们的GDPR合规行动计划

GDPR赋予欧盟公民知道和决定他们的个人信息如何被使用的权利, stored, transferred, deleted, 和整体保护. Every business, including yours, 需要客户的发展, 而GDPR的实施将会影响到您的整个组织. 您需要重新考虑从信息源到消费点如何处理个人信息. 您还应该考虑您的数据管理和数据治理框架如何支持个人数据保护的GDPR需求.

如果你不想拿你的生意和声誉冒险的话, 以下是您可以采取的实现GDPR遵从性的步骤:

步骤1:包括一个cookie同意弹出到您的网站.

Internet cookies, browser cookies, 或者cookies是从网站发送的小块数据，在用户浏览时存储在用户的电脑上. The unique data allows your site to store each user’s preferences and retarget them with ads. 遵守GDPR, you need to prioritize getting your users’ consent before storing cookies on their device.

The most common way to do this is to display a pop-up (a window that suddenly appears), 并附上一条请求同意使用cookie的信息.

Step 2: Ensure that your online data collection programs ask for explicit consent.

也可以称为复选框, tick box, or selection box, 复选框是一种表单，可以选中它来指示问题的答案或启用某个设置.

明确同意是相当直接的. 用户必须选择一个复选框, which is a form that indicates an answer to a question or to enable a setting. 它告诉用户要完成一个特定的活动, they must click on or check a button to opt-in or opt-out of allowing your site to gather data. This means that if you ask for an email address to directly market to people, 你把表格上的信息提供给他们, 你有一个勾框, 哪个表示同意，而不是自动检查. This way, there is no way for users to consent to anything accidentally.

Step 3: Update your privacy policy to align with GDPR regulations and follow them.

Your company’s privacy policy is one of the first formal documents a regulator will view. 如果您的隐私政策不符合GDPR法规, you are basically handing an invitation to further scrutiny by EU regulators.

There are many reasons why you should always have an updated privacy policy, including:

• It is required by law，特别是当您收集用户的个人数据时
• It’s required by third-party services you may use, which includes Google Analytics
• 用户有权关心他们的隐私(难道您不担心其他企业如何处理您的私人信息吗?)

步骤4:检查您的第三方工具.

第三方数据处理器是代表数据控制器处理个人身份信息(PII)的实体. 在新规则下, any third-party processor you use is now directly and legally obligated to also be in compliance.

许多组织已经更新了它们的数据处理协议，并在它们的网站和知识库中添加了GDPR部分. 一些网站提供了对该法案的简要介绍, 为客户清单, 以及他们打算如何遵守的最新情况. Specifically, MailChimp, Hubspot, Salesforce, 和Constant Contact是众多表示他们已经通过Privacy Shield认证的供应商之一, which shows their intention to abide by GDPR’s rules on the transfer of data between countries.

第五步:制定一个计划，以防出现数据泄露.

The GDPR legislation indicates that in most cases, you have 72 hours to report a data breach. 你的公司应该采取预防措施来保护你的数据，并制定战略计划以防你被黑客攻击. These actions plans may include assessing the risks to all private data, contacting all relevant financial institutions and affected customers, 或者要求用户立即更改密码, 在其他几个 procedures.

Conclusion

Lack of GDPR compliance imposes great threats to the future of many organizations. 然而，个人信息有着巨大的价值. 如果管理不当, it can create significant disadvantages that will result in grueling legal battles. 我们强烈建议您咨询您的法律团队，并为5月25日的GDPR发布制定一个计划, 2018.

如果您对如何确保您的营销工作符合GDPR法规有任何疑问, call 博乐斗地主苹果版下载 today at . 我们可以提供最佳实践来帮助您遵守.