GDPR and Running Your Business

We at RISC Management and Consulting run our online store through Shopify and use a multitude of applications (apps). We’ve always managed our business in a transparent and ethical way. However, with the GDPR taking effect tomorrow, we want to help you take steps to assure merchants that your apps are GDPR compliant!

The General Data Protection Regulation (GDPR) is EU Regulation 2016/679. It deals with the “protection of natural persons with regard to the processing of personal data and on the free movement of such data”. The regulation entered into force on May 24th, 2016 and applies as of May 25th, 2018 in all member states, harmonising data privacy law across Europe. If you serve sellers, retailers, and business people who may have customers based in Europe, this regulation affects you.

Key Issues of the GDPR

  • Consent
  • Data Protection Officer
  • Email Marketing
  • Encryption
  • Fines/Penalties
  • Information Obligations
  • Processing on behalf of a controller (data processors)
  • Personal Data
  • Privacy by Design
  • Privacy Impact Assessment
  • Records of Processing Activities
  • Right of Access
  • Right to be Forgotten
  • Third Countries

Shopify apps

Be mindful of the data and permissions you request

When merchants are deciding whether to connect your app to their store, it’s important for them to be clear on which parts of their store they’re giving you access to when they install your app.

If you request any permissions that don’t seem to align with what your app provides, we recommend that you:

  • Update your app listing to be clear on why your app requires permission to that data
  • Consider whether your app actually requires that permission, and stop requesting it (and calling that API endpoint) if it doesn’t

Merchants know that apps often need access to certain pieces of data in order to carry out certain actions or features. However, it’s important to remember that asking for permission to data that doesn’t seem necessary for your app to access can erode merchant trust.

Communicate your use of data through a privacy policy

Beyond letting merchants know what information you’ll be accessing, GDPR also requires that you provide all users of your product (i.e. your app) with detailed information about exactly how your app uses the personal information it collects. One simple but in-depth way to do this is through your app’s privacy policy.

Ensure you have a secure, organized system for storing data

One of the most important data rights that GDPR specifies is the right all individuals have to access, correct, or have their personal data erased. This means that not only do you need a process for retrieving and deleting merchant data upon request, you also need to be able to easily delete your merchants’ customers’ data from your app as well. The first step in being able to do this is to ensure that all personal data you collect is stored in a secure and organized way, so that every record about a given person can be found, exported, and removed without hunting through unstructured data.
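As an added illustration of the access and erasure process described above (example code written for this page, not Shopify’s or the authors’ own code), the Python below keeps every record that holds personal data keyed by shop and customer, so a right-of-access request is one lookup and an erasure request touches every table. The table names, field names and sample rows are constructed for the example; the policy of deleting customer and support-note rows but only redacting order rows (assumed to be kept for bookkeeping) is an assumption, as is the choice to fail closed when a table has no erasure policy.

```python
"""Added example: a minimal data-subject-request layer for an app that stores
merchant and customer personal data. Tables, fields and rows are constructed
sample data, not real merchants or customers."""
import copy
import json

# Every row records which shop and which customer it belongs to, so access
# and erasure requests can be served by a single lookup per table.
TABLES = {
    "customers": [
        {"shop": "alpha.myshopify.com", "customer_id": 1001,
         "email": "ann@example.com", "name": "Ann Example", "phone": "+1-555-0100"},
        {"shop": "alpha.myshopify.com", "customer_id": 1002,
         "email": "bob@example.com", "name": "Bob Example", "phone": None},
        {"shop": "beta.myshopify.com", "customer_id": 1001,
         "email": "carol@example.com", "name": "Carol Example", "phone": None},
    ],
    "orders": [
        {"shop": "alpha.myshopify.com", "customer_id": 1001, "order_id": 5001,
         "total": "42.00", "shipping_address": "1 Main St"},
        {"shop": "alpha.myshopify.com", "customer_id": 1002, "order_id": 5002,
         "total": "9.99", "shipping_address": "2 Side St"},
    ],
    "support_notes": [
        {"shop": "alpha.myshopify.com", "customer_id": 1001,
         "note": "Ann asked about a refund"},
    ],
}

# Which fields in each table hold personal data (assumed classification).
PERSONAL_FIELDS = {
    "customers": {"email", "name", "phone"},
    "orders": {"shipping_address"},
    "support_notes": {"note"},
}
# Erasure policy (assumption): rows that exist only to describe the person are
# deleted; order rows are kept for bookkeeping but have personal fields blanked
# and are unlinked from the customer.
DELETE_ON_ERASE = {"customers", "support_notes"}
REDACT_ON_ERASE = {"orders"}


def _belongs(row, shop, customer_id=None):
    """True if the row is about this shop (and, if given, this customer)."""
    return row["shop"] == shop and (customer_id is None or row["customer_id"] == customer_id)


def export_subject(tables, shop, customer_id):
    """Right of access: return a copy of every row held about one customer of one shop."""
    return {name: [copy.deepcopy(r) for r in rows if _belongs(r, shop, customer_id)]
            for name, rows in tables.items()}


def erase_subject(tables, shop, customer_id):
    """Right to erasure: delete or redact every row about the customer.

    Returns the number of rows touched per table. Fails closed: a table with
    no erasure policy raises instead of silently retaining personal data."""
    counts = {}
    for name, rows in tables.items():
        if name in DELETE_ON_ERASE:
            keep = [r for r in rows if not _belongs(r, shop, customer_id)]
            counts[name] = len(rows) - len(keep)
            rows[:] = keep  # mutate in place so callers holding the list see it
        elif name in REDACT_ON_ERASE:
            touched = 0
            for r in rows:
                if _belongs(r, shop, customer_id):
                    for field in PERSONAL_FIELDS[name]:
                        r[field] = None
                    r["customer_id"] = None  # unlink the record from the person
                    touched += 1
            counts[name] = touched
        else:
            raise ValueError(f"table {name!r} has no erasure policy")
    return counts


def erase_shop(tables, shop):
    """Merchant-level request: drop every row belonging to the shop. Returns counts."""
    counts = {}
    for name, rows in tables.items():
        keep = [r for r in rows if not _belongs(r, shop)]
        counts[name] = len(rows) - len(keep)
        rows[:] = keep
    return counts


def remaining_personal_data(tables, shop, customer_id):
    """Verification step: count rows still linked to the customer that carry any personal field."""
    return sum(
        1 for name, rows in tables.items() for r in rows
        if _belongs(r, shop, customer_id)
        and any(r.get(f) is not None for f in PERSONAL_FIELDS[name])
    )


if __name__ == "__main__":
    db = copy.deepcopy(TABLES)
    print(json.dumps(export_subject(db, "alpha.myshopify.com", 1001), indent=2))
    print(erase_subject(db, "alpha.myshopify.com", 1001))
    print("remaining:", remaining_personal_data(db, "alpha.myshopify.com", 1001))
```

The verification function is the part worth keeping in a real app: run it after every erasure and treat a non-zero result as a bug, and classify every new table in the policy dictionaries before it goes live, because the erasure routine refuses to run against an unclassified table rather than leaving data behind.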

We have included the European Commission’s fact sheet, which describes the changes the GDPR brings and how data protection violations will be handled going forward.

Tips and Advice on Privacy, Identity, and Online Security

To date, the Federal Trade Commission (FTC) has sued hundreds of companies and individuals who were responsible for placing unwanted calls, and has obtained over a billion dollars in judgments against violators. In addition, the FTC has sponsored a series of robocall contests challenging the tech savvy public to design tools that block robocalls and help investigators track down and stop robocallers. The FTC also is encouraging industry efforts to combat caller ID spoofing.
Tips and Advice

For identity theft, visit IdentityTheft.gov, the federal government’s one-stop resource for identity theft victims. The site provides streamlined checklists and sample letters to guide you through the recovery process; some examples follow. A printable checklist is also available there.

What To Do Right Away

Are you dealing with tax, medical, or child identity theft? See: Special forms of identity theft
Step 1: Call the companies where you know fraud occurred.
Step 2: Place a fraud alert and get your credit reports.
Step 3: Report identity theft to the FTC.
You may choose to file a report with your local police department.

What To Do Next

Take a deep breath and begin to repair the damage.
Close new accounts opened in your name.
Remove bogus charges from your accounts.
Correct your credit report.
Consider adding an extended fraud alert or credit freeze.
Sharing information

How to Keep Your Personal Information Secure Online and Offline

Protecting your personal information can help reduce your risk of identity theft. There are four main ways to do it: know who you share information with; store and dispose of your personal information securely, especially your Social Security number; ask questions before deciding to share your personal information; and maintain appropriate security on your computers and other electronic devices.

Limiting Unwanted Calls and Emails

Privacy Choices

Federal law provides you the right to stop some sharing of your financial information

Robocalls

You are allowed to block unwanted calls. Telemarketing sales calls with recorded messages are generally illegal unless you have given the company written permission to call you. See below for how to stop them.

Do Not Call

Learn:

  1. How to put your cell phone number on the National Do Not Call Registry, which also provides tips to help you stop unwanted calls. Visit donotcall.gov to register your number, or call 1-888-382-1222 from the phone you want to register.
  2. How to hang up on phone scammers and hold onto your money.  Follow up by filing a complaint with the FTC.
  3. About your rights when it comes to telemarketing calls including pre-recorded messages.

Spam

You can reduce unwanted commercial emails. Text message spam is a triple threat: It often uses the promise of free gifts or product offers to get you to reveal personal information; it can lead to unwanted charges on your cell phone bill; and it can slow cell phone performance.

Text message spam is illegal.

It’s illegal to send unsolicited commercial email messages to wireless devices, including cell phones and pagers, unless the sender gets your permission first. It’s also illegal to send unsolicited text messages from an auto-dialer — equipment that stores and dials phone numbers using a random or sequential number generator.

Exceptions to the law:

  • Transactional or relationship types of messages. If a company has a relationship with you, it can send you things like statements or warranty information.
  • Non-commercial messages. This includes political surveys or fundraising messages.

Good News

Those who violate the National Do Not Call Registry or place an illegal robocall can be fined up to $41,484 per call.