2018-04-16-gdpr-quick-reference.md 3.0 KB
description: > Basic privacy aspects according to the European Union General Data Protection Regulation (GDPR)
title: "GDPR Quick Reference"
| Privacy Aspect | Description | Reference |
|---------------------|---------------------------------------------------------------------------|------------------------------------------------------------------------|
| Data collection | Only collect data for the intended purpose. | Art. 5 (1), 6; recitals 32- 50, 58, 60 et seq. |
| Children protection | Treat children related info with utmost caution. | Art. 6 (1) lit. f, 8, 12 (1); recitals 38, 58, 65 |
| 3rd-party sharing | Inform users when their personal data is shared. | Art. 13 (1) lit. e, 14 (1) lit. e; recitals 61 |
| Data security | Implement state of the art data security mechanisms. | Art. 32, recital 78 |
| Data retention | Determine storage periods for personal data depending on its purposes. | Art. 17, 13 (2), 14 (2) |
| Data aggregation | Inform users when aggregated personal data is collected or shared. | (from PrivacyCheck) |
| Data control | Give users full control on personal data (delete, modify or transfer it). | Art. 13 (2) lit. b, 14 (2) lit. b, 15, 16, 17, 18; recitals 63 et seq. |
| Privacy settings | Use best privacy settings. At least, allow users to modify them. | Art. 25, recital 78 |
| Account deletion | Allow users to delete personal data at their convenience. | Art. 17 |
| Breach notification | Inform about incident, the implications, and actions users to take. | Art. 12, 34, 40 |
| Policy changes | Inform about policy changes in a transparent, and understandable. | Art. 12 |
Resources
- The Morning Paper: PrivacyGuide: towards an implementation of the EU GDPR on Internet privacy policy evaluation{:rel="nofollow noreferrer noopener"}
- General Data Protection Regulation{:rel="nofollow noreferrer noopener"}
- [PDF] PrivacyCheck: Automatic Summarization of Privacy Policies Using Data Mining{:rel="nofollow noreferrer noopener"}