GDPR Quick Reference

Privacy Aspect Description Reference
Data collection Only collect data for the intended purpose. Art. 5 (1), 6; recitals 32- 50, 58, 60 et seq.
Children protection Treat children related info with utmost caution. Art. 6 (1) lit. f, 8, 12 (1); recitals 38, 58, 65
3rd-party sharing Inform users when their personal data is shared. Art. 13 (1) lit. e, 14 (1) lit. e; recitals 61
Data security Implement state of the art data security mechanisms. Art. 32, recital 78
Data retention Determine storage periods for personal data depending on its purposes. Art. 17, 13 (2), 14 (2)
Data aggregation Inform users when aggregated personal data is collected or shared. (from PrivacyCheck)
Data control Give users full control on personal data (delete, modify or transfer it). Art. 13 (2) lit. b, 14 (2) lit. b, 15, 16, 17, 18; recitals 63 et seq.
Privacy settings Use best privacy settings. At least, allow users to modify them. Art. 25, recital 78
Account deletion Allow users to delete personal data at their convenience. Art. 17
Breach notification Inform about incident, the implications, and actions users to take. Art. 12, 34, 40
Policy changes Inform about policy changes in a transparent, and understandable. Art. 12

Resources