As of May 25, 2018, the European Union General Data Protection Regulation (GDPR) has gone into effect.
What is the GDPR?
The GDPR is a privacy and data protection regulation that has replaced the previous 1995 Data Protection Directive and harmonizes the various data privacy laws that existed across the 28 member states of the European Union. The GDPR provides for large penalties in cases of infringement.
Whom does the GDPR affect?
The GDPR expressly applies to organizations established either inside or outside the European Union (EU) that offer paid or free goods or services to EU data subjects or monitor EU data subjects’ behavior. This includes any web forms on North American sites that are accessible from the EU. If you or your company offer goods or services to individuals in the EU, or monitor the behavior of individuals in the EU (whether intentionally or unintentionally), then the GDPR applies to you. Any e-commerce site should be sure to review its GDPR compliance.
GDPR liability includes:
- Consumer-facing activities
- Employee activities
- Marketing and advertising
- Geolocation, profiling, or tracking
- Mass communications
- Global business operations
- Service provider relationships
OK, I have a website that requires GDPR compliance. What do I do now?
We recommend that you contact your website developer for assistance with GDPR compliance; however, here are a few things you can start looking at:
- Reviewing your privacy notice for the proper GDPR wording.
- Assigning a data protection officer within your organization.
- Adding a cookie notice pop-up to the website which will allow users to choose if they want to allow cookies.
- Adding a “double-opt-in” to any newsletter or blog subscription forms you have on the site. Send out a new GDPR opt-in notice to your current subscriber list.
- Adding opt-in checkboxes to any web contact forms with a clear definition of why you are collecting user data.
- Adding a web form where users can request a copy of their personal information.
If you do not have a website that is accessible from the EU, AND you do not do any business with any residents of the EU, then the GDPR will not affect you.