On May 25th, 2018, General Data Protection Regulation or GDPR will be in full force. But what even is GDPR and how can you as a business owner prepare for the coming legislation?
What is GDPR?
GDPR is a new registration that focuses on the way in which private data belonging to EU citizens is collected, stored and distributed. Everyone is required to take action before the given date — this applies to all companies across the world who work with EU citizens. It doesn’t matter where you are located in the world, if you’re dealing with users in the EU, you need to comply with GDPR.
Once in effect, it will require websites to update their processes and functionality in order to:
- Inform users of what personal data companies are using and how they are using it
- Prompt users to provide active consent for the company to collect that data, or opt out of having it collected
- Provide users with access to their data and allow users to easily erase it
It’s a non-negotiable regulation. For those who do not follow the regulation, they will face large fines. Failure to comply will result in either €20 million or 4% of global sales (whichever is larger) for major infractions and up to €10 million or 4% of global sales for other violations.
In the aftermath of recent data violations, gathering data will not be as simple as it used to be. Websites must be clear about when they store personal data and allow users to have complete control over their own data and have the option to opt out. By this time you might have noticed that many major websites have already built a pop up on their website asking if users agree to their privacy and data policies.
- Are you the controller and or processor of your website data? Be sure to disclose this information especially if a 3rd party company is processing the data you collect.
- Do you explain to your website visitors how long the data you collect is held for?
- Are you using 3rd party software and or browser cookies? List out what this data is gathered for and its purpose.
- Do you provide a link to allow your users to opt out of not only your newsletters but also web browser cookies?
- If your website allows users to create an account, do you provide an easy way for them to update their account settings and account information?
So how can your business become GDPR compliant?