Why Does It Matter?
What is the GDPR?
In 2012 the European Commission began work on new protections for its citizens' personal data and privacy. That work has now been completed, and the resulting GDPR takes effect on May 25, 2018. In a nutshell, it is a new set of rules that gives EU citizens more control over their personal data. It makes it easier for someone to access their data, ask for it to be deleted, understand what is being collected and how, and more. It is a serious effort to keep consumers safe. You can learn more about it here.
Does GDPR Apply to My Business?
GDPR applies to any organization operating within the EU, as well as those outside the EU that offer goods or services to, or collect information about, customers or businesses in the EU. Something as basic as the cookies your site automatically sets is considered a collection of information. So basically, if your website can be accessed by anyone in the EU, it applies to you.
What if I Don’t Comply with GDPR?
Fines can reach a maximum of over 23 million dollars or 4% of the business's annual global turnover. The amount of a fine will vary based on company size, the level of effort made to protect data, transparent communication, the reporting of data breaches, the way data is collected and other factors.
It appears that businesses that act promptly to update their policies and show an appropriate effort to follow the new rules will receive more leniency than those that do nothing. Even if you can't get everything done in time, just getting started and letting your website visitors know you're changing your policy shows an effort that will be taken into consideration.
How Do I Make My Website GDPR-Compliant?
Step 1: Review & Identify
Find all the places personal customer information is stored on your website. Find out what information you're collecting and make sure you, and any third-party partners, are asking permission before collecting it.
Step 2: Permissions & Information
Understand the journey website visitors take when they use your website. When you ask for information, be sure it happens during the right part of that journey. Random requests for information when it isn't clear why you need it are a signal your website may not be GDPR-compliant. When you do ask for permissions and information, make sure you do so before you collect that information.
Step 3: Talk to Your Attorney
Now is the time to touch base with your attorney to ensure your processes are compliant with GDPR. Your attorney can make sure your GDPR policy statement is legally sound. This is also a good time to get your tech team on board to build and set up the IT (Information Technology) part of the process.
Step 4: Delete or Conceal
Once you have used the information for the customer-approved reason, remove it by either deleting it or concealing it. Make sure you have an automatic process in place so this step doesn't get missed.
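Step 4 asks for an automatic process that deletes or conceals personal data once its approved purpose has been served. The following is an added example, not code from this article or from any product it mentions, of what such a scheduled retention job can look like in Python. Everything in it is an assumption for illustration: the 30-day grace period, the idea that order records are pseudonymized rather than deleted so bookkeeping still works, the record layout, and the sample customers (which are constructed, not real). The retention period and which purposes may be concealed instead of deleted are exactly the questions to settle with your attorney in Step 3.

```python
"""Retention sweep: delete or conceal personal data once its purpose is complete.

Added example for illustration only. Retention periods, purposes and sample
records are all hypothetical assumptions, not values from the article.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import hashlib
from typing import Optional

# Hypothetical grace period after the approved purpose is complete; set the
# real value with legal guidance.
GRACE_PERIOD = timedelta(days=30)

# Hypothetical list of purposes whose rows must survive for bookkeeping.
# These are concealed (pseudonymized) instead of deleted.
CONCEAL_INSTEAD_OF_DELETE = {"order_fulfillment"}


@dataclass
class CustomerRecord:
    record_id: int
    email: str
    purpose: str                              # the reason the customer agreed to
    consent_given: bool                       # permission recorded at collection time
    purpose_completed_at: Optional[datetime]  # None while the purpose is still active
    concealed: bool = False


def pseudonymize_email(email: str, salt: bytes) -> str:
    """One-way replacement: the row stays countable and auditable but no longer
    identifies the person. The salt must stay secret, or the hash can be reversed
    by guessing addresses."""
    digest = hashlib.sha256(salt + email.strip().lower().encode("utf-8")).hexdigest()
    return f"{digest[:16]}@redacted.invalid"


def retention_sweep(records, now: datetime, salt: bytes):
    """The scheduled job. Returns (kept_records, deleted_ids, concealed_ids)
    so the run can be logged as an audit trail."""
    kept, deleted, concealed = [], [], []
    for rec in records:
        if not rec.consent_given:
            # No permission on file: there is no approved reason to hold it.
            deleted.append(rec.record_id)
            continue
        if rec.concealed or rec.purpose_completed_at is None:
            # Already concealed, or the purpose is still being fulfilled.
            kept.append(rec)
            continue
        if now - rec.purpose_completed_at < GRACE_PERIOD:
            kept.append(rec)
            continue
        if rec.purpose in CONCEAL_INSTEAD_OF_DELETE:
            rec.email = pseudonymize_email(rec.email, salt)
            rec.concealed = True
            concealed.append(rec.record_id)
            kept.append(rec)
        else:
            deleted.append(rec.record_id)
    return kept, deleted, concealed


def sample_records(now: datetime):
    """Constructed sample data for the example; these are not real customers."""
    return [
        CustomerRecord(1, "alice@example.com", "newsletter", True, None),
        CustomerRecord(2, "bob@example.com", "newsletter", True, now - timedelta(days=45)),
        CustomerRecord(3, "carol@example.com", "order_fulfillment", True, now - timedelta(days=60)),
        CustomerRecord(4, "dave@example.com", "support_ticket", False, None),
        CustomerRecord(5, "erin@example.com", "order_fulfillment", True, now - timedelta(days=5)),
    ]


def demo(salt: bytes = b"example-secret-salt"):
    """Run the sweep twice over the sample data: the second run must change
    nothing, which is what makes it safe to schedule repeatedly."""
    now = datetime(2018, 5, 25, tzinfo=timezone.utc)
    kept, deleted, concealed = retention_sweep(sample_records(now), now, salt)
    kept2, deleted2, concealed2 = retention_sweep(kept, now, salt)
    return {
        "kept": [r.record_id for r in kept],
        "deleted": deleted,
        "concealed": concealed,
        "concealed_email": [r.email for r in kept if r.concealed],
        "second_run_changes": len(deleted2) + len(concealed2),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it on a schedule (a cron entry or a task in your hosting panel) and keep the returned lists as the log of what each run removed or concealed; that record is the evidence of the "appropriate effort" the article says regulators take into account.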
I am not an attorney in the state of Arizona nor in any other state. I do not have any special training to present the facts of law to you. So anything I say here is my own opinion from the research I have done and legal folks I’ve talked with about my particular situation. I strongly encourage you to seek legal counsel for your own situation to protect your rights and business. These statements apply to the United States of America and may not apply to other countries.