THE EU GENERAL DATA PROTECTION REGULATION (GDPR)
From May 25th 2018, the Data Protection Directive 95/46/EC will be replaced by the EU General Data Protection Regulation (GDPR), the purpose of which is to harmonize and enhance the protection of the personal data of EU citizens, and to enforce compliance with it by any business or website with which they conduct business, anywhere in the world. In general terms, this has implications for how we manage and retain your personal data if you are a citizen of the EU, and, if you are using this website, it enhances your rights pertaining to that data. Because we are based in the European Union, but our website is used by parties globally, to avoid ambiguity or confusion, we will apply our data protection policy universally, even if you are using our services from a country outside of the EU.
Data in the context of this particular website may mean personal details, contact details (including telephone numbers, email addresses and physical addresses) and information pertaining to your work as an author, such as pseudonyms and ISBN numbers. Whilst we never take any financial data from you, we do act as a portal to external payment gateways such as PayPal.
YOUR RIGHTS SUMMARIZED
Under the new regulations, your rights pertaining to your data include, but are not limited to, the following:
- Only data which is necessary for the operation of its stated intention must be retained, and only for as long as is required.
- Consent from the data subject must be clearly and unambiguously given, in order for us to retain your data and use it for anything beyond operational purposes. This means marketing consent must be clearly and separately obtained; pre-checked opt-out style check-boxes will no longer be acceptable - consent must be a conscious action by the user.
- Subjects whose data is being retained must be made aware within 72 hours of any breach of the website/company's data security system.
- Data subjects must have a right to access and digitally export all of their held data, free of charge, within 30 days of any such request.
- Data subjects should be empowered with the knowledge of how data is being used. They can request its deletion if wished, and demand the "right to be forgotten" by the organization - this must be complied with if the data is not necessary for the operation of its original intention or fulfilment of a service contract, or its retention is not considered to be "in the public interest".
- Each company/website must have its own policy in place for ensuring the enforcement and working practice of this legislation.
This is only an outline of the new legislation, which briefly summarizes your rights as a subject of data retention, though it is currently only legally enforceable if you are a citizen of the EU. For a more comprehensive explanation of GDPR and how it protects your data in the context of our retention of it, please visit: https://www.eugdpr.org/.