Disclaimer: We are not lawyers. Nothing in this article should be considered legal advice.
The General Data Protection Regulation (GDPR) is a European Union (EU) law taking effect on May 25, 2018. The goal of GDPR is to give EU citizens control over their personal data and change the data privacy approach of organizations across the world. You’ve probably received at least a dozen emails from companies like Google, Amazon, and websites you probably forgot you had an account on (good reminder to cancel!).
Users have a right to know what personal data a website collects, why it is collecting it, what it does with the data, for how long and who receives it. It also empowers users to access any personal data that they have shared and even to have that data purged upon request.
Do you market goods or services to EU residents? This can include over the internet. If you answer yes, then it affects you. Even though GDPR only covers users in the EU, its impact is being felt across the world. Any website that collects data from EU citizens is bound by the regulation – no matter where it’s located. In other words, this affects just about everyone.
The EU can impose fines (4% of company revenue or 20 euros), but don’t expect the EU to enforce this (unless you’re Facebook…). I personally do not think Mom and Pop companies doing business here should worry about the EU. Sometimes you need to take a step back, as you are getting a barrage of emails from large multi-national companies whose existence is to mine data and other businesses who just copy what the cool kids do, and think…how does this affect me?
Depends on who you are. There are four key points from the regulations you need to be aware of and consider putting into practice. Download What is required under GDPR for a simple and concise breakdown of this.
We opted not to launch a ‘consent’ pop-up form on our website, which surely does wonders for the user experience, and we didn’t feel we should send a mass announcement to our customers telling them about how we are GDPR compliant.
GDPR goes into effect on the 25th. I wouldn’t panic as the vast majority of you reading this article won’t ever really need to worry about the EU (or any member in it) coming after you (think about that for a second…). Facebook, Google, and other well-to-do US businesses should be keeping their eye out (this guy wasted no time). However, if you haven’t assessed your policies, now would be a good time as there are some good practices in data security and privacy that GDPR lays out.