There has been tons of hype around GDPR on news media sites. Since we are in the business of websites and social media, what exactly is GDPR and why do we all need to be concerned?
GDPR stands for the General Data Protection Regulation and is an EU law on data protection and privacy for all individuals within the European Union. However, it also applies to personal data collection and processing by any company or website for citizens of the EU. So, even if your website is in another country, if you are collecting personal data from those citizens you need to be aware of these regulations. The GDPR aims to give control to residents over their personal data and becomes enforceable on May 25, 2018.
What type of personal data does GDPR cover?
It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address. Most websites rely on IP address data for tracking and information purposes, so this regulation applies to a wide range of businesses around the world.
How do you prepare for GDPR?
While the regulations are cumbersome, there are a few pieces that we have pulled out that you should be aware of. A broad breakdown of what you need to know to be compliant is as follows:
- Under the GDPR, individuals can ask you to erase their personal data. Now that you know what data you are collecting, you need to know how to erase that data if you get a request to do so. You also need to offer all website visitors a means to request the removal.
- Should there be a breach of personal data, GDPR dictates that you notify authorities within 72 hours after you become aware of the issue. This is especially relevant if you are collecting financial data such as credit card information on your site. We recommend either using a third party for such transactions or contacting a lawyer on the legal aspects of collecting that information yourself.
What are the penalties?
You can incur fines for non-compliance as well as data breaches. However, a first-time offender is given a warning in writing. While we all need to do our best to comply before the May 25th deadline, a failure to do so will only result in a warning. After that, you will have 30 days to fix the issues and show progress toward being compliant.
What should be your next step?