There has been tons of hype around GDPR on news media sites. Since we are in the business of websites and social media, what exactly is GDPR and why do we all need to be concerned?
GDPR Definition
GDPR stands for the General Data Protection Regulation and is an EU law on data protection and privacy for all individuals within the European Union. However, it also applies to personal data collection and processing by any company or website for citizens of the EU. So, even if your website is in another country, if you are collecting personal data from those citizens you need to be aware of these regulations. The GDPR aims to give control to residents over their personal data and becomes enforceable on May 25, 2018.
What type of personal data does GDPR cover?
It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address. Most websites rely on IP address data for tracking and information purposes; therefore, this regulation applies to a wide range of businesses around the world.
How do you prepare for GDPR?
While the regulation is lengthy, we have pulled out a few pieces that you should be aware of. A broad breakdown of what you need to know to be compliant is as follows:
- The GDPR gives an individual the right to find out whether, where and for what purpose their personal data is being processed. Therefore, you as a website owner need to know exactly what data you are collecting, why you collect it, what you use it for, and how long you retain it. This information needs to be communicated to visitors of your site, for example in a privacy policy.
- Under the GDPR, individuals can ask you to erase their personal data. Now that you know what data you are collecting, you need to know how to erase that data if you receive a request to do so. You also need to offer all website visitors a means to request the removal.
- Should there be a breach of personal data, GDPR dictates that you notify authorities within 72 hours after you become aware of the issue. This is especially relevant if you are collecting financial data such as credit card information on your site. We recommend either using a third party for such transactions or contacting a lawyer on the legal aspects of collecting that information yourself.
What are the penalties?
You can incur fines for non-compliance as well as for data breaches. However, a first-time offender is given a warning in writing. While we all need to do our best to comply before the May 25th deadline, a failure to do so will only result in a warning. After that, you will have 30 days to fix the issues and show progress toward becoming compliant.
What should be your next step?
The first step is to make an effort! Any effort in the right direction will be a bonus down the road. Being transparent with your website visitors is never a bad thing, whether they are in the EU or not. A review of your privacy policy and data collection methods is always good practice as well. Start with those data collection steps and make a note of any other issues that may be unique to your site. Resolve to tackle those on your own, or contact us for help! We are here to make sure your site is as secure as possible for all visitors.