This post is for informational purposes only; we aren’t lawyers.
The General Data Protection Regulation, or GDPR, is a set of regulations that the EU Parliament approved on April 14, 2016. The goal of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world. These changes are quite major compared to the previous regulations created in 1995. Check out this neat little infographic that the EU has put out.
If you don’t reside within a country that’s part of the European Union, you may be wondering what it has to do with you. If you have a website, regardless of the type, it probably has EVERYTHING to do with you. Why? Because if you have visitors or customers using your website that reside within the EU, the GDPR pertains to you. It especially pertains to you if you collect any data such as:
- Online Identifier
- and much more!
What types of websites would fall under this? Online stores (ecommerce), sites that use Google Analytics, email capturing (Mailchimp…etc), if you have a Contact Form on your website, or even if you’re a blogger who allows people to post comments. Get the picture? Pretty much everyone is affected by this.
But wait a second, I’m a US citizen and we aren’t part of the EU. So who has to comply with the GDPR?
First and foremost, U.S. organizations that interact with the EU market and/or that have entities in the EU should assess whether they will be required to abide by the GDPR when it takes effect in May 2018. The GDPR applies to organizations involved in the processing of personal data of individuals located in the EU. “[P]ersonal data” is defined broadly as “any information relating to an identified or identifiable natural person.” “Processing” means “any operation or set of operations which is performed on personal data or on sets of personal data.” These are broad definitions encompassing a range of data types and a variety of data usages—they are designed in particular to sweep in U.S. technology companies. Indeed, information such as log-in information, IP addresses, and vehicle identification numbers, though not enabling direct identification of individuals, allow for identification of individuals indirectly and are therefore considered to be personal data. This means that, in practice, most services and/or projects will be considered to involve processing of personal data. Also important to note is the possibility that, because these definitions—particularly the definition of personal data—are specific to the EU and the GDPR, U.S. companies may be less familiar with their scope and contours. [The General Data Protection Regulation: A Primer for U.S.-Based Organizations That Handle EU Personal Data]
Not complying could potentially end up with your services being terminated. So while you might not get fined, it will still cost you in the end if this happens. Don’t be the guy/gal who this happens to.
There’s Great News!
Most, if not all, of the major CMSs are prepared for GDPR. WordPress is actively ensuring its software is able to perform and function as required before the deadline. They have some major enhancements on the way to help you. WooCommerce is also working to ensure your online store stays compliant. This is all great news, but you’re still not done. There are several steps you need to take as well, depending on the type of website you have.
There’s no sense in us trying to reinvent the wheel with this. Here’s two great articles that discuss what you need to do to prepare:
iUbenda (you’ll save 10% off your first year clicking on this affiliate link)
Again, don’t be the guy/gal that gets caught without the necessities in place. Spend the $27/year and get your policies in place. (You’ll save 10% off your first year by clicking on this affiliate link.)
If you’re not sure where to start, send us a message on our contact form and we will help you get the ball rolling. Remember, you only have a little more than a month to do this.