Who we are
Why we exist
As privacy concerns continue to grow over the use of personal data by companies, protecting your privacy has never been more critical. For companies operating within jurisdictions that have strict privacy laws, OWDT can audit your existing website or digital product to ensure it complies with the General Data Protection Regulation.
A user must be prompted to determine whether they consent to the collection and processing of their personal data. It is also required for the recipient of the data to be clearly named.
When users are provided with consent forms, showing the data that will be collected, checkboxes cannot be prefilled, they can only be checked by the user, manually.
As most products use multiple background services, the user must be provided separately outlined requests asking for user consent.
A user may decide to withdraw their acceptance and permission for data collection. In this case, it is required they have the option to easily reverse their agreement.
Every organization that is processing personal data must designate a dedicated a Data Protection Officer (DPO) responsible for keeping your processes and services in compliance. The DPO also must be registered with the Information Commissioner’s Office (ICO).
It’s required to state what types of data will be collected and where they will be located.
The data that is collected has to fulfill the purpose of the reason it is collected. If it goes beyond its purpose, the collection is no longer in compliance.
If you’re using Google Analytics or any third party services within your product, their integration must be verified separately to ensure they are within compliance.
If online payments can be made through your website or product, storing customer information after the purchase has to be temporary and must be removed.
In the event of a data breach, the organization must report the event with 72 hours.