MondoPal and the GDPR
MondoPal respects the General Data Protection Regulation (GDPR) which took effect on May 25, 2018. The data protection package adopted in May 2016 aims at making Europe fit for the digital age.
What is the GDPR, exactly?
The GDPR is a new law that concerns itself with the handling of personal data of European Union (EU) residents. The GDPR is intended to give EU residents more visibility and control over their personal data:
How websites, including eCommerce websites, collect data;
Who they share it with;
And what tracking technologies monitor them across the Internet.
What new privacy-related rights does the GDPR give EU residents?
The new law requires stores to inform their customers about what information they collect, store, and share, and establishes specific rules about the kind of consent required before stores can collect personal data. That means that stores will be asking for consent more explicitly, and detailing their use of personal data more specifically in their privacy policies.
In addition to clearer notices and privacy policies, the GDPR also gives EU residents powerful new rights such as the Right of Access, Right to Rectification, and Right to Erasure.
That means that EU residents will be able to:
Demand a copy of all the data websites have about them;
Demand any errors in the data to be corrected;
Request the removal of all personal data.
The GDPR also gives EU residents the right to find out if their personal data has been compromised. Stores will need to notify customers if their personal data is stolen during a breach, and do so in a timely manner.
What is personal data?
GDPR isn’t about all information — the new rights for EU residents specifically apply to "Personal Data".
"Personal Data" means anything that can identify a person, either on its own or combined with other data. Examples include a person’s:
Physical address or email address
Last four credit card digits
Shipping tracking numbers