How To Make Sites GDPR Compliant

What is GDPR and why should you worry about it?

If you own or have worked in a business that transacts with European citizens, you may have recently heard about the General Data Protection Regulation (GDPR).

This regulation compels businesses (even those outside the EU) to protect the personal data of citizens in EU member states. Non-compliance entails steep penalties (up to €20m or four percent of a business’ annual worldwide revenue, whichever is larger!).

Not even the bigger companies like Facebook or Instapaper were safe.

So:

How do you make your site GDPR compliant?

Read more to find out!

Does It Affect My Business?

First:

Determine if your business is one of the four types that need GDPR compliance.

Is your business:

  • Situated in an EU member state?
  • Outside of an EU member state but collects and/or processes personal data from citizens of EU member states?
  • Employing more than 250 employees?
  • Employing fewer than 250 employees, but your data processing affects the rights and freedoms of your data subjects, is not occasional, or includes certain types of personal information?

Simply put:

The four business types cover most, if not all, businesses today. Whether you’re in the Information Technology business or run a small online retailer, odds are you’re going to be affected by this regulation.

What Are My Obligations Under the Law?

Now:

Once you’ve determined that your business is affected by the regulation, you have to know what you need to comply with as far as your customers’ data is concerned.

Businesses are categorized as either Controllers or Processors.

If your business DETERMINES the purpose of the collection and storage of data, then your business is a CONTROLLER.

If your business collects and stores data ON BEHALF OF ANOTHER business or organization, then your business is a PROCESSOR.

Knowing this is key because each type has a different set of obligations in addition to those which they have in common, including:

  • A list of all the information they hold including the source, who they share it with, what they do with it, how long they hold on to it, and where they keep such information. They must have built-in data protection measures.
  • A privacy policy that shows the processes involving personal data as well as a lawful basis for collecting that data. This policy must be easily accessible to the public.
  • Technical security must be up to date. Perhaps even hiring a Data Protection Officer (more on this later).
  • Reporting data breaches to the local authorities within 72 hours.

Rights Of Data Subjects/Customers

Now that you’ve learned most of what you need to do to make your site one step closer to GDPR compliance, it’s time you learned what rights your customers have.

Which are rights to:

  • Transparency and modalities – Give your customers transparency of information, communication, and modalities for the exercise of their rights.
  • Information – Provide information to your customers both where you collect their personal data from them and where you did not. Basically, tell them when you do or do not collect their data.
  • Access – Allow them access to the data of theirs that you collected.
  • Rectification – Allow your customers to correct any mistakes in the data they provided.
  • Erasure – They can have their data permanently erased when they revoke their consent, when a partner organization requests it, or when the agreement or services have been terminated. This is also called the “Right to be forgotten”, which even global giant Google was made to respect.
  • Portability – Let them obtain and reuse their own data for their own purposes across different services.
  • Object – The absolute right to object to their data being used for direct marketing purposes, and to processing in certain circumstances. You also have to inform them of their right to object, and you have one calendar month to respond to their objection. Note: there are situations where you can continue processing their data if you provide a compelling reason to do so.
  • Automated individual decision-making, including profiling – This simply means that the GDPR applies to all automated individual decision-making, including profiling.

Do I Need a Data Protection Officer?

Finally:

One of the suggested ways to ensure your GDPR compliance is to hire a Data Protection Officer (DPO).

But:

You won’t need one unless your business or organization falls under any of these categories:

  • Public authorities
  • Organizations that engage in large-scale systematic monitoring
  • Organizations that engage in the large-scale processing of sensitive personal data

Conclusion

To sum up:

The GDPR affects most businesses around the world. If you want your site to be compliant, you have to know the GDPR law better and make sure that you comply with the obligations that it sets for your type of business.

For more information on the GDPR law, you can visit the ICO site here.

How Free VPNs Sell Your Data

If you’ve read my post about the 13 steps to improve your privacy online, you would have read the part where I talk about using a VPN.

Before you do, let me just issue a word of caution:

Try not to use a free VPN.

Why?

Because most free VPNs sell your data without telling you!

Remember:

If the company behind the VPN is not making money off their product, this typically means that you’re the product – and they make money on you.

This is why I’ve made a list of some free VPNs that (at least) admit that they sell your data. I hope this will help you decide whether or not a free VPN is worth your online privacy.

Ten VPNs That Admit to Selling Your Data

1. Betternet (38 million users)

Betternet is a relatively new VPN that has quickly risen in popularity.

They tell you that they make money by offering free sponsored apps and through videos and other ads. They also allow advertisers to track and log your information.

[Screenshot: Betternet terms]

2. FinchVPN

Apart from being one of the more secure VPNs out there, they also offer a substantial 3GB of monthly data.

They make money by sharing your user activity data with third parties.
They also limit the number of servers you can access in order to get you to upgrade.

[Screenshot: FinchVPN terms]

3. Hola (150+ million users)

[Screenshot: Hola terms, part 1]

Hola is, unsurprisingly, one of the most popular free VPNs, since it offers unlimited data without ads.

However:

A group of security researchers have said “Hola is harmful to the internet as a whole, and to its users in particular. You might know it as a free VPN or “unblocker”, but in reality, it operates like a poorly secured botnet – with serious consequences”.

Hola may turn your computer into an exit node and sell access to your computer and network to third parties through Luminati – their commercial brand.

How do you opt out of this scheme?

Subscribe to their premium subscription.

But, just when you thought it couldn’t get any worse:

It seems Hola can be exploited to allow anybody to execute programs on your computer!

Now:

If you’re like me and immediately visited the Hola FAQ page, you may wonder where all of the above was said.

Well:

If you read through the findings of the group of researchers that I mentioned above, you’ll discover that Hola actually tried to change history quietly once the media started getting involved.

They also make it clear in their terms of service that by using Hola you become a peer on their paid Luminati network — in other words, access to your computer could be sold to people paying to use their services.

[Screenshot: Hola terms, part 2]

4. Hotspot Shield (500+ million users)

Hotspot Shield is hands down the most popular free VPN service.

With that many users, Hotspot Shield becomes a goldmine – both for users and advertisers.

While they make it clear in their terms of service that they display ads to free users (shown in front of the apps and websites you use), they also make money off users through other means, like sharing free-user data and redirecting their traffic to third-party affiliate sites.

[Screenshot: Hotspot Shield terms]

5. HoxxVPN (5+ million users)

HoxxVPN is a popular VPN.

But:

If you manage to read through its long and confusing logging policy, you’ll find that they log your information for their own purposes and share it with third parties.

It may take reading it over and over again, but you’ll soon understand that HoxxVPN makes money on you by logging your information for their own purposes and sharing it with third parties.

[Screenshot: HoxxVPN terms]

6. Opera VPN

Once you install the Opera browser, you instantly gain access to the free Opera VPN.

Its privacy policy tells you that it shares your data with third parties and marketing partners and allows them to monitor your data.

[Screenshot: Opera terms]

7. Onavo Protect

Onavo Protect is owned by Facebook, so it isn’t shocking that they were recently in the news for their data usage practices.

Onavo does say that they log user data and share this information with affiliates and third parties.

They make money on you by using your information for advertising and marketing purposes as well as displaying ads to you.

[Screenshot: Onavo terms]

8. Psiphon (1+ million users)

Psiphon has been a free VPN since 2008.

They’ve survived over ten years by sharing your data with advertisers, letting advertisers track your data usage, and displaying ads.

[Screenshot: Psiphon terms]

9. TouchVPN

TouchVPN is another sketchy free VPN.

They do state that they share your “anonymous” data with third parties for marketing purposes, but they don’t say what “anonymous data” includes.

They make money on you by adding Cookies, Pixel Tags, and Web Beacons to your browser while using their service.

[Screenshot: TouchVPN terms]

10. ZPN (8+ million users)

ZPN is another popular VPN.

They offer a whopping 10GB of monthly data – which is nothing to sneeze at.

They make money on you by sharing your data with their affiliates.

They also try to get you to upgrade to a paid plan by limiting your bandwidth and data, disabling P2P and torrenting, as well as limiting you to just 5 locations.

[Screenshot: ZPN terms]

Conclusion

In the end:

I can’t say I recommend using free VPNs.

When dealing with them, always remember to read the fine print, and if it’s too good to be true, it probably is.

13 Steps to Improve Your Online Privacy

“How do I protect my privacy online”?

Online privacy has become a lot more important to ordinary people these days, especially in the aftermath of the Facebook Cambridge Analytica scandal.

Do you feel that your private information is really private?

Don’t worry. In this post, I’ll show you how to improve internet security in just 13 steps!

So, let’s begin!

Your Phone

  1. Lock your screen

This one’s a no-brainer. By locking your screen every time you’re not using your phone, you’re making it harder for other people to access any of your online accounts should they get hold of your phone.

  2. Protect your password

Use strong passwords especially for sensitive accounts (like email, online banking, and cloud storage).

When choosing a strong password, always remember that while longer is better, most of the time a complex password is better than a long one.

That said, why not have both and make your password long and complex!

Use capital letters, numbers, and symbols (if allowed) and randomly place them in your password (Here’s an example: Compl3xity_>_L3ngth!).

Now:

If you find it hard to memorize all your different passwords, consider using a password manager app. It will keep track of your passwords and you’ll never need to write them down on a piece of paper that could get stolen.

Also:

Consider turning on two-factor authentication to make sure that you are informed each time someone logs into one of your accounts.

Finally:

In case you do suffer a privacy breach, remember to change your password ASAP.

  3. Review permissions

Watch out for apps that request permissions beyond what they need to function.

Weigh its importance before you download it.

Why would a photo editor app need access to your location all the time?

If you find apps on your phone that request these permissions, consider uninstalling them.

Your Computer

  4. Update operating systems

Operating system vendors release updates when they discover security issues. Hackers will quickly exploit these flaws before users install the updates.

However:

Most users often forego installing these updates when they become available – most of the time because of inconvenience.

If you want to protect your private information, always install updates when they become available.

  5. Clear cookies regularly

Cookies are text files on your computer that contain little packets of your data connected to your activity with a website, like your preferences, your shopping cart, and keeping you logged in to a site.

You can’t avoid cookies altogether, as it would make certain sites (like social networks and online shops) impossible to use, but you can always clear cookies regularly to prevent websites from accessing older cookies – thus making it harder to track your online activity.

  6. Use a Guest Account on Windows

By using a guest account instead of an administrator account, you’re limiting any malware damage to that specific guest account.

  7. Keep your User Account Control on

Your UAC monitors the changes that happen in the system and asks for your permission before allowing these changes. It also alerts you to important events like installing or uninstalling an app.

It makes sure that these events don’t make changes to your computer without your permission thereby nipping untrustworthy software in the bud.

  8. Block location data

Sites these days can use location data to target you with advertisements. Even mapping apps can be used to identify you based on your whereabouts.

To avoid this, see if your browser allows you to toggle location data off.

Browsing the Internet

  9. Use SSL connections

SSL connections prevent prying eyes from viewing your web traffic.

By using sites that support SSL, you’re making sure that anyone sniffing around for your packets will go home empty-handed.

To check if you’re using an SSL connection, check for a closed green padlock and “https” before the URL.

  10. Go Incognito

One of the easiest ways to protect your online privacy is using “incognito mode” on your browser.

This prevents people who use the same device from seeing your activity like your browsing history, cookies and site data, and information entered in forms.

  11. Use the TOR browser

If you want to know how to stay anonymous on the internet, using the TOR browser should be at the top of your list.

The TOR browser bounces your connection three times before it arrives at the server you’re looking for. By doing this, the TOR browser makes sure that whatever site you visited will not be traced back to you.

  12. Use a VPN

Another way to protect your online browsing is by using a VPN.

The connections your computer makes on the web are usually public, easily intercepted, and viewable by every server your connection makes contact with.

Using a VPN ensures that your IP is kept safe from prying eyes by routing your connection to the VPN server before arriving at its destination. This makes it that much harder to track you down.

  13. Don’t trust free public wifi

Using free public wifi raises many privacy concerns because you don’t know who runs the hotspot, what the setup is, or what information it logs. It may even be a duplicate of the real wifi that you wanted to connect to.

Conclusion

At the end of the day:

These internet privacy tips are just the methods I’ve used to improve my online privacy and I hope that by sharing them I have helped you to better protect your online browsing.