You must inform people about where, why and how their data is processed and stored.
Posted: Wed Jan 22, 2025 3:41 am
In other words, you can't just send unsolicited emails to someone who gave you their business card or filled out your website's contact form. That's spam . Instead, you need to allow them to sign up for your marketing newsletter.
To qualify as explicit consent, you must require a positive opt-in. The checkbox must not be checked by default, must have clear wording (no legalese), and must be separate from other terms and conditions.
Your users have a right to their personal data
The individual has the right to download his or her personal data and the right to be forgotten.
This means they have the right to request that you list of lebanon cell phone number delete their personal data. If a user clicks on an unsubscribe link or asks you to delete their profile , you must actually do so.
You must notify data breaches promptly
Companies must report certain types of data breaches to the relevant authorities within 72 hours, unless the breach is deemed benign and does not pose a risk to individual data.
However, if a security breach poses a high risk, the company must also immediately inform the affected individuals.
This will hopefully prevent cover-ups like the one at Yahoo, which went undetected until the takeover.
You may need to appoint a data protection officerIf you are a public company or process large amounts of personal data, you must appoint a data protection officer.
To qualify as explicit consent, you must require a positive opt-in. The checkbox must not be checked by default, must have clear wording (no legalese), and must be separate from other terms and conditions.
Your users have a right to their personal data
The individual has the right to download his or her personal data and the right to be forgotten.
This means they have the right to request that you list of lebanon cell phone number delete their personal data. If a user clicks on an unsubscribe link or asks you to delete their profile , you must actually do so.
You must notify data breaches promptly
Companies must report certain types of data breaches to the relevant authorities within 72 hours, unless the breach is deemed benign and does not pose a risk to individual data.
However, if a security breach poses a high risk, the company must also immediately inform the affected individuals.
This will hopefully prevent cover-ups like the one at Yahoo, which went undetected until the takeover.
You may need to appoint a data protection officerIf you are a public company or process large amounts of personal data, you must appoint a data protection officer.