GDPR – General Data Protection Regulation
What is the GDPR?
The GDPR is the European regulation governing the collection and processing of personal data within the European Union.
Learning Objectives
- Understand what constitutes personal data
- Know what GDPR stands for
- Identify the core principles of GDPR
- Know the rights of individuals
- Define the web designer’s role in GDPR compliance
What is Personal Data?
Personal data is any information that can be used to identify a natural person, directly or indirectly.
Examples:
- First and last name
- Postal address, email
- Online identifiers, IP address
- Sensitive data (political views, religion, health…)
What is the GDPR?
GDPR = General Data Protection Regulation
Adopted in 2016, enforced since May 25, 2018
Purpose
To strengthen individual rights and regulate how organizations process personal data.
Core Principles
- Transparency
- Legitimate purpose
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
Scope of the GDPR
The GDPR applies to any organization processing personal data of EU residents, even if the organization is located outside the EU.
It also includes websites offering products or services to EU citizens.
Individual Rights
Right | Description |
---|---|
Access | Know what data is collected and how it’s used |
Rectification | Correct inaccurate data |
Erasure | Delete data (“right to be forgotten”) |
Restriction | Temporarily suspend data processing |
Portability | Transfer data to another service |
Objection | Refuse processing in certain situations |
Company Responsibilities
- Implement appropriate security measures
- Obtain explicit consent
- Appoint a DPO (Data Protection Officer) if needed
- Notify the CNIL and affected users of data breaches
Possible Sanctions
Non-compliant companies risk fines of up to €20 million or 4% of global annual turnover.
Examples:
The Web Designer’s Role in GDPR Compliance
Web designers play an active role in GDPR compliance from the early stages of website creation.
Key Principles to Apply
- Privacy by design & by default: only display fields that are strictly necessary
- Clear consent: explicit, unchecked checkboxes
- Transparency: accessible privacy policy
- Cookie management: banner, granular choices, option to refuse
- User rights accessibility: forms for data access / correction / deletion
- Security: secure design (HTTPS, safe storage, etc.)
- Collaboration with the DPO or data controller
Key Takeaways
- GDPR protects the fundamental rights of EU citizens
- Any business—even outside the EU—must comply if targeting EU users
- The web designer plays a crucial role: best practices must be integrated from the start