This post is for informational purposes only, we aren’t lawyers.

The General Data Protection Regulation or GDPR is a set of regulations that the EU Parliament approved on April 14, 2016.The goal of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world. These changes are quite major compared to their previous regulations created in 1995. Check out this neat little infographic that the EU has put out.

If you don’t reside within a country that’s part of the European Union, you may be wondering what it has to do with you. If you have a website, regardless of the type, it probably has EVERYTHING to do with you. Why? Because if you have visitors or customers using your website that reside within the EU, the GDPR pertains to you. It especially pertains to you if you collect any data such as:

What types of websites would fall under this? Online stores (ecommerce), sites that use Google Analytics, email capturing (Mailchimp…etc), if you have a Contact Form on your website, or even if you’re a blogger who allows people to post comments. Get the picture? Pretty much everyone is affected by this.

But wait a second, I’m a US citizen and we aren’t part of the EU. So who has to comply with the GDPR?

First and foremost, U.S. organizations that interact with the EU market and/or that have entities in the EU should assess whether they will be required to abide by the GDPR when it takes effect in May 2018.  The GDPR applies to organizations involved in the processing of personal data of individuals located in the EU.  “ersonal data” is defined broadly as “any information relating to an identified or identifiable natural person.”  “Processing” means “any operation or set of operations which is performed on personal data or on sets of personal data.”  These are broad definitions encompassing a range of data types and a variety of data usages—they are designed in particular to sweep in U.S. technology companies.  Indeed, information such as log-in information, IP addresses, and vehicle identification numbers, though not enabling direct identification of individuals, allow for identification of individuals indirectly and are therefore considered to be personal data.  This means that, in practice, most services and/or projects will be considered to involve processing of personal data.  Also important to note is the possibility that, because these definitions—particularly the definition of personal data—are specific to the EU and the GDPR, U.S. companies may be less familiar with their scope and contours.

Even if you think you’re immune to these regulations or that perhaps they don’t apply, why even risk it? Every website should have a Privacy Policy, Cookie Policy, and perhaps a Terms of Use/Service Policy. Odds are that all of us will be affected by the GDPR. You can expect the services you use to be forced to comply (hosting, domain name registrar, and more). Most companies that offer these types of services will most likely amend their terms to include compliance with the GDPR for all who use them.

Not complying could potentially end up with your services being terminated. So while you might not get fined, it will still cost you in the end if this happens. Don’t be the guy/gal who this happens too.

There’s Great News!

Most if not all of the major CMS’ are prepared for GDPR. WordPress is actively ensuring their software is able to perform and function as required before the deadline.They have some major enhancements on the way to help aid you. Also WooCommerce is working to ensure your online store stays compliant as well. This is all great news, but you’re still not done. There’s several steps you need to take as well depending on the type of website you have.

There’s no sense in us trying to reinvent the wheel with this. Here’s two great articles that discuss what you need to do to prepare:

How To Make A WooCommerce Website GDPR Compliant? (12 Steps)
The Complete WordPress GDPR Guide

You’re also going to need a solid Privacy Policy and Cookie Policy resource. This one is paid but well worth it:

iUbenda (you’ll save 10% off your first year clicking on this affiliate link)

iUbenda does offer a basic privacy policy for free. You embed it on your site and then iUbenda does all the work for you. If the laws change, they automatically update it for you so your Privacy Policy always stays up to date. That’s GREAT!! The downside is that you are limited to the number (only four) of data collecting services you can add. So if you use mail chimp, and google analytics that takes up four. There’s no way you can add all the things you need to with the free service. The upside is that their pricing plans are very affordable.

Again, don’t be the guy/gal that gets caught without the necessities in place. Spend the $27/year and get your polices in place. (you’ll save 10% off your first year clicking on this affiliate link)

If you’re not sure where to start, send us a message on our contact form and we will help you get the ball rolling. Remember, you only have a little more than a month to do this.