As privacy concerns continue to grow over the use of personal data by companies, protecting your privacy has never been more critical. For companies operating within jurisdictions that have strict privacy laws, OWDT can audit your existing website or digital product to ensure it complies with the General Data Protection Regulation.

Areas required to ensure compliance:

User consent & clear recipient

A user must be prompted to determine whether they consent to the collection and processing of their personal data. The recipient of the data must also be clearly named.

Unfilled Checkboxes

When users are provided with consent forms showing the data that will be collected, checkboxes cannot be prefilled; they can only be checked manually by the user.

Separation of service agreements

As most products use multiple background services, the user must be provided with separately outlined requests for consent.

Opting out has to be easy

A user may decide to withdraw their acceptance and permission for data collection. In this case, it is required they have the option to easily reverse their agreement.

Appointing a Data Protection Officer

Every organization that is processing personal data must designate a dedicated Data Protection Officer (DPO) responsible for keeping your processes and services in compliance. The DPO also must be registered with the Information Commissioner’s Office (ICO).

Type & location

It’s required to state what types of data will be collected and where they will be located.

Collection has to serve its purpose

The data that is collected has to serve the purpose for which it is collected. If it goes beyond its purpose, the collection is no longer in compliance.

Analytics & service integrations

If you’re using Google Analytics or any third-party services within your product, their integration must be verified separately to ensure they are in compliance.

Online purchases

If online payments can be made through your website or product, customer information stored after the purchase may only be kept temporarily and must then be removed.

Breach reporting

In the event of a data breach, the organization must report the event within 72 hours.