GDPR Last-Minute Checklist: Are You Ready for May 25th?

The GDPR deadline is looming and from the 25th May, all businesses and organisations that collect the data of EU citizens will need to be compliant. If you aren’t, then there is the potential for heavy fines. As you may have noticed from the number of GDPR related emails you’re getting in your own inbox, virtually every company you deal with is making preparations. If you haven’t yet got around to making the necessary changes, here are the main things you will need to do before the deadline.

1. Get consent from interested parties to collect, store and process their data

According to the new regulation, you must ask for ‘explicit and positive consent’ before obtaining the data of users. This means that when collecting personal information, such as asking for email addresses, you must provide a means for them to give consent. This may mean you need to create a consent field on any online forms. You must also state why you are collecting the data and how you will use it.

If you already hold data for which you do not have consent, you will need to go back and ask for it. This is one of the reasons why so many companies have been sending out GDPR emails to their customers asking if you still want to receive newsletters or offers.
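The two paragraphs above describe what a consent record has to capture: a positive act by the user (not a pre-ticked box), the stated purpose, and the ability to go back and ask again where no consent is on file. The following is an added example, not code from the article or from any product it mentions; the `ConsentLedger` class, its method names and the sample email addresses are hypothetical, chosen to show how a sign-up handler could store and later check consent per purpose.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional


@dataclass
class ConsentRecord:
    """One affirmative consent act, kept so it can be evidenced later."""
    subject: str            # the person, e.g. an email address
    purpose: str            # why the data is collected and how it is used
    policy_version: str     # which privacy policy text they agreed to
    granted_at: datetime
    withdrawn_at: Optional[datetime] = None

    @property
    def active(self) -> bool:
        return self.withdrawn_at is None


class ConsentLedger:
    """Stores explicit opt-ins per subject and purpose (hypothetical helper)."""

    def __init__(self) -> None:
        self._records: Dict[str, List[ConsentRecord]] = {}

    def record_consent(self, subject: str, purpose: str, opted_in: bool,
                       prechecked: bool, policy_version: str,
                       now: Optional[datetime] = None) -> ConsentRecord:
        """Store consent only when it was a positive act by the user.

        opted_in   - the value of the consent checkbox as submitted
        prechecked - whether the form rendered that box already ticked; a
                     pre-ticked box gives no evidence of a positive act, so
                     it is rejected even if the value came back as True
        """
        if not opted_in or prechecked:
            raise ValueError("explicit, positive opt-in required")
        if not purpose.strip():
            raise ValueError("the purpose of processing must be stated")
        rec = ConsentRecord(subject, purpose, policy_version,
                            now or datetime.now(timezone.utc))
        self._records.setdefault(subject, []).append(rec)
        return rec

    def has_consent(self, subject: str, purpose: str) -> bool:
        """Check before processing data for a given purpose."""
        return any(r.active and r.purpose == purpose
                   for r in self._records.get(subject, []))

    def withdraw(self, subject: str, purpose: str,
                 now: Optional[datetime] = None) -> int:
        """Withdraw consent; returns how many records were closed."""
        now = now or datetime.now(timezone.utc)
        closed = 0
        for r in self._records.get(subject, []):
            if r.active and r.purpose == purpose:
                r.withdrawn_at = now
                closed += 1
        return closed

    def needs_reconsent(self, subjects: List[str], purpose: str) -> List[str]:
        """Subjects from an existing list who must be asked again before
        processing for this purpose can continue (the 'go back and ask' case)."""
        return [s for s in subjects if not self.has_consent(s, purpose)]


if __name__ == "__main__":
    ledger = ConsentLedger()
    ledger.record_consent("alice@example.com", "newsletter", opted_in=True,
                          prechecked=False, policy_version="2018-05")
    print(ledger.has_consent("alice@example.com", "newsletter"))
    print(ledger.needs_reconsent(["alice@example.com", "bob@example.com"],
                                 "newsletter"))
```

The point of keeping purpose and policy version on every record is that consent is specific: an opt-in for a newsletter says nothing about profiling, so `has_consent` is checked per purpose, and a withdrawal closes the record rather than deleting it, so the history remains available if the decision is ever questioned.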

2. Strengthen your data protection by design

To comply with GDPR, your business or organisation has to have a ‘start to finish’ data protection policy. This means ensuring that data is secure right from the moment a user sends it to your server, during transit, throughout processing, in storage and even when being deleted.

Part of the processes of developing a ‘Privacy by Design’ system must involve a ‘privacy impact study’ which should look at how any changes you make will help protect data and prevent data breaches.


You don’t have very long to do this, so if you haven’t begun the process, the best solution in the short term is to audit the security you already have in place and then look for weaknesses you can quickly fix, such as obtaining an SSL certificate, backing up your website and data, making sure you have a firewall in place and that your site and email are scanned for viruses. Make sure, too, that strong passwords are used.

If you host that data on a third-party server, as most website owners do, you also need to ensure that your web host’s server is secure and that any processing they do on your behalf is GDPR compliant. Make sure your host provides you with a Data Processing Agreement. You may also find that your host needs to make changes to their agreements and SLAs in order to be compliant themselves.

3. Updating your privacy policy

Another reason you will have been receiving so many emails recently is that many of the organisations you have dealings with will be updating their privacy policy.


Privacy policies explain to users how and why you collect their data and how it is used. GDPR will require you to make changes to your policy because it will change the way you need to treat data.

You need to be careful, here, that you have a full understanding of ‘personal data’. It includes any information that can be used to identify a person. This means that such things as visitors’ IP addresses, which are collected by background software and plugins, could, when linked to other information, be seen as personal data. So even if you don’t collect personal data for business purposes, you may still be collecting it unwittingly in order for your website to operate.

With this in mind, you may need to make changes to your policy. For example, telling users if you collect data for which you do not need consent, such as IP addresses which are used solely for web security or integrity. Your policy should also inform users how to contact you in order to have any data deleted.
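The two paragraphs above make the point that visitor IP addresses collected by web-server and plugin logs are personal data when linked to other information, even where they are kept solely for security. One data-protection-by-design step from section 2 that fits this case is to truncate the host part of each address before the logs are retained, so the record still groups traffic by network for abuse detection but no longer identifies a single device. The following is an added example, not code from the article; the log lines are constructed, the truncation lengths (/24 for IPv4, /48 for IPv6) are an assumed policy, and `truncate_ip` / `anonymise_log` are hypothetical helper names.

```python
import ipaddress
import re
from typing import List

# Constructed sample access-log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
203.0.113.45 - - [25/May/2018:09:12:01 +0000] "GET /signup HTTP/1.1" 200 1532
2001:db8:abcd:1234:5678:9abc:def0:1 - - [25/May/2018:09:12:05 +0000] "POST /login HTTP/1.1" 401 211
not-an-ip - - [25/May/2018:09:12:09 +0000] "GET / HTTP/1.1" 200 88
"""

# Assumed retention policy: keep the network prefix, zero the host bits.
IPV4_KEEP_BITS = 24
IPV6_KEEP_BITS = 48

# The client address is the first whitespace-delimited field of each line.
LEADING_FIELD = re.compile(r"^(\S+)")


def truncate_ip(raw: str) -> str:
    """Return the address with its host part zeroed.

    Raises ValueError if `raw` is not a valid IPv4 or IPv6 address, so the
    caller can decide what to do with malformed fields.
    """
    addr = ipaddress.ip_address(raw)
    keep = IPV4_KEEP_BITS if addr.version == 4 else IPV6_KEEP_BITS
    # strict=False lets ip_network mask the host bits instead of rejecting them.
    net = ipaddress.ip_network(f"{addr}/{keep}", strict=False)
    return str(net.network_address)


def anonymise_log(text: str) -> List[str]:
    """Rewrite the client-address field of each log line; leave lines whose
    first field is not an IP address untouched rather than dropping them."""
    out = []
    for line in text.splitlines():
        m = LEADING_FIELD.match(line)
        if not m:
            out.append(line)
            continue
        try:
            masked = truncate_ip(m.group(1))
        except ValueError:
            out.append(line)
            continue
        out.append(masked + line[m.end():])
    return out


if __name__ == "__main__":
    for rewritten in anonymise_log(SAMPLE_LOG):
        print(rewritten)
```

Truncation of this kind is a minimisation measure, not a replacement for disclosing in the privacy policy that addresses are collected for security purposes; the article's advice on stating that use still applies. The prefix lengths are a policy choice: a shorter prefix reduces identifiability further but also reduces how precisely abusive traffic can be grouped.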

Once the privacy policy is amended, you should notify your customers by email and include a link to the updated policy. In some circumstances, you may need to find a way to show that they have read and agreed to the changes.

4. Updating other policies and agreements

If you have other policies and agreements, such as terms and conditions, which discuss the use of personal data, these too need to be updated to ensure that they are compliant. As with the privacy policy, users need to be notified and may need to agree with the changes.

5. Human resourcing for automated profiling decisions

If your business makes automated decisions about customers based on data profiles, such as in granting credit (credit scoring) or offering memberships, these may no longer have legal standing after GDPR comes into force.


Under the regulation, individuals can refuse to be the subject of a decision based on automated processing. Inaccurate data and errors in processing have caused people to be wrongly treated in the past and the new regulation is designed to prevent this. If a person challenges an automated decision, you will need a human to look at the case.

Whilst this doesn’t mean businesses have to scrap automated data-based decision making, it does mean they have to have the human resources in place to deal with any customer who refuses to accept the decision.


Conclusion

With deadline day approaching, if you haven’t yet begun to address the changes GDPR imposes, you’ll need to do so quickly. Hopefully, this checklist will help. However, if you are having difficulties, make sure you check the Guide to the General Data Protection Regulation on the Information Commissioner’s Office website.
