The General Data Protection Regulation (GDPR)
is a European Union regulation governing how personal data about individuals is collected, stored and used. It is specifically focused on people in the European Union and how businesses handle data about them.
HOWEVER – Don’t think this doesn’t mean you. Much of the Internet will be affected, because the law applies to any organisation, wherever it is based, that offers goods or services to people in the EU or monitors their behaviour, which in practice covers any website that stores data about its visitors.
Even simple things like getting someone to sign up for your newsletter, comment on a blog post, or send you a contact form count. This data is not always stored on your own site; it depends on the plugin you use, and it may be held entirely by a 3rd party like MailChimp. However, according to what I can figure out – the EU will still consider it your responsibility.
How likely is it that an EU visitor will interact with your site?
How likely is it that they would have a problem and set the EU web police on to you?
Who can say – that’s your risk to calculate. My job is to let you know this is coming and assist you in figuring this stuff out. It’s always good business practice to have a “Policy” or “Privacy” document in place on your website anyway, so why not go ahead and consider some small measures to CYA? The new law asks that a business specifically state what data it collects, why it collects it, where it is stored, how long it is kept and who it is shared with. The document should also lay out what someone can do to have that data deleted if they choose.
This is what I have gleaned so far;
GDPR comes into effect May 25, 2018.
If you can believe this – the maximum fine for non-compliance is up to 4% of annual global turnover or €20 Million (whichever is greater).
The EU can block your website (in Europe I believe).
Businesses that are public authorities, engage in large scale systematic monitoring, or engage in large scale processing of sensitive personal data will need a Data Protection Officer (DPO) – this is not you 🙂
You’ll need to assess the risk to the personal data you hold and put security measures in place that are appropriate to that risk.
My advice for what it’s worth;
Put together a policy document that we can put on the website – CYA.
Don’t collect any info you don’t actually need.
Delete data you don’t need to keep long term, so it isn’t at risk if your site is breached.
There are plugins now available to assist with compliance and data deletion (by site visitors).
Even with the extra cost of completing this work, the data you collect is still good to have because you can target your audience better. You can advertise to your actual audience without having to make costly guesses about who they are and what they’re interested in.
This shouldn’t be a big job, unless you want it to be, so give me a call or email and we can talk about it and figure out what you need.