Our take on GDPR
With everyone's inboxes overloaded with privacy policy emails, we thought it would be a good time to help explain what GDPR is and give our take on this whole situation. Some of what we discuss should help you understand what you may need to do if you own a business (and have a website).
Disclaimer: We are not lawyers. Nothing in this article should be considered legal advice.
Quick Overview of GDPR
The General Data Protection Regulation (GDPR) is a European Union (EU) law taking effect on May 25, 2018. The goal of GDPR is to give EU citizens control over their personal data and change the data privacy approach of organizations across the world. You've probably received at least a dozen emails from companies like Google, Amazon, and websites you probably forgot you had an account on (good reminder to cancel!). Users have a right to know what personal data a website collects, why it is collecting it, what it does with the data, for how long, and who receives it. It also empowers users to access any personal data that they have shared and even to have that data purged upon request.
Does this affect my business?
Do you market goods or services to EU residents, including over the internet? If you answer yes, then it affects you. Even though GDPR only covers users in the EU, its impact is being felt across the world. Any website that collects data from EU citizens is bound by the regulation, no matter where it's located. In other words, this affects just about everyone. The EU can impose fines (4% of company revenue or 20 euros), but don't expect the EU to enforce this (unless you're Facebook...). I personally do not think Mom and Pop companies doing business here should worry about the EU. Sometimes you need to take a step back as you are getting a barrage of emails from large multi-national companies whose existence is to mine data, and from other businesses who just copy what the cool kids do, and think... how does this affect me?
So what should I do?
Well, you should get a sense for what's being asked of your business. Asking for consent to collect data and updating the legal documents on your website (privacy policy, terms) seem to be good enough to ensure you are complying. You can send a message to current customers and users about the changes in your policies. If you'd like to perform a full assessment and see what you need to be fully compliant, this checklist (gdprchecklist.io) does a nice job of that.
Sounds like it's not a big deal
Depends on who you are. There are four key points from the regulation you need to be aware of and consider putting into practice. Download "What is required under GDPR" for a simple and concise breakdown of this.
Is TECKpert GDPR Compliant?
Yes, we've made adjustments to our Privacy Policy, but overall we have been implementing best practices in data collection and security for years. All the data we collect is encrypted and secure. We have an internal security operations document and it's part of our employee training. We constantly scan and test our networks. And we never sell or share our users' data. Should any breach of data occur, we have a procedure to notify anyone affected within 24 hours. We opted not to launch a 'consent' pop-up form on our website (which surely does wonders for the user experience), and we didn't feel we should send a mass announcement to our customers telling them about how we are GDPR compliant.
What happens after May 25?
GDPR goes into effect on the 25th. I wouldn't panic, as the vast majority of you reading this article won't ever really need to worry about the EU (or any member in it) coming after you (think about that for a second...). Facebook, Google, and other well-to-do US businesses should be keeping their eye out (this guy wasted no time). However, if you haven't assessed your policies, now would be a good time, as there are some good practices in data security and privacy that GDPR lays out.