GDPR. Say What?
We're guessing you've heard these four letters A LOT over the last month. We're here to help you make your website GDPR-compliant.
Before we talk about how, let's talk about why. What is GDPR?
The GDPR is Europe's new data protection law, which replaces the 1995 Data Protection Directive (Directive 95/46/EC). According to the EU's GDPR website, this legislation is intended to
"harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organizations across the region approach data privacy."
Basically, it expands the regulation's territorial scope and strengthens privacy protections for individuals, through more stringent consent requirements, data breach reporting, the "right to be forgotten" and more.
Oh. Whew. I'm not in Europe. This doesn't apply to me, right?
Not so fast, friend. The GDPR applies to any company that processes the personal data of people in the EU, even if the company itself is located somewhere else.
Non-EU companies need to comply if:
- the company is a controller or processor of personal data belonging to data subjects in the EU, or
- the company offers goods or services to data subjects in the EU (for a price, or for free), or monitors the behavior of data subjects in the EU. Note that the law protects people who are in the EU, not just EU citizens: even an American citizen temporarily located in the EU is protected by the GDPR.
Can you put that in simpler terms, please?
Given the increased territorial scope and broad definition of personal data, which includes any information that can be used to identify someone, whether directly or indirectly, the GDPR will impact many US-based companies. Most online services involve the use of personal data, particularly IP addresses and other online identifiers, so if your company offers goods or services accessible to people in the EU (for pay, or for free) or monitors the behavior of people in the EU, GDPR compliance is likely in order.
How do I know if I need to be in compliance with the GDPR?
If your business does any of the following, you will need to run a self-audit to ensure compliance.
- You embed content from other sites or use social widgets (such as videos, analytics scripts or share buttons). Every embedded resource makes the visitor's browser connect to that third party, which then receives the visitor's IP address and often their cookies, whether or not the visitor ever clicks anything.
- You collect information for your email list.
- You run any kind of forum or subscription service through your website.
- You sell products or offer freebies on your site.
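A practical first step in the self-audit above is to find out which third parties your pages actually load resources from, because each of those hosts receives the visitor's IP address when the page renders. The script below is an added example and is not part of the original post: it parses a page's HTML, resolves every resource-loading attribute (scripts, iframes, images, stylesheets, media) against the page URL, and reports the hosts that are not part of your own site. The sample HTML, the site name `example-shop.test` and the embedded hosts are constructed for illustration; run it against your own saved page source to get a real list.

```python
"""List the third-party hosts a page makes the visitor's browser connect to.
Added example for a GDPR self-audit (not code from the original post).
The sample HTML and hostnames below are constructed for illustration."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that cause the browser to fetch something, per tag.
FETCH_ATTRS = {
    "script": ("src",),
    "iframe": ("src",),
    "img": ("src",),
    "link": ("href",),
    "video": ("src", "poster"),
    "audio": ("src",),
    "source": ("src",),
    "embed": ("src",),
    "object": ("data",),
}

# <link> only triggers a fetch for these rel values (rel=canonical does not).
FETCHING_LINK_RELS = {"stylesheet", "icon", "preload", "prefetch",
                      "dns-prefetch", "preconnect"}


class ResourceCollector(HTMLParser):
    """Collect (tag, absolute URL) for every resource-loading attribute."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.resources = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            rel = (attrs.get("rel") or "").lower().split()
            if not FETCHING_LINK_RELS.intersection(rel):
                return
        for attr in FETCH_ATTRS.get(tag, ()):
            value = attrs.get(attr)
            if value:
                self.resources.append((tag, urljoin(self.base_url, value)))


def third_party_hosts(html, base_url):
    """Return {host: sorted list of tags} for resources not served by the site.

    Subdomains of the site (e.g. a cdn.* host) count as first-party; a leading
    "www." on the page host is ignored for that comparison.
    """
    own_host = urlsplit(base_url).hostname or ""
    if own_host.startswith("www."):
        own_host = own_host[4:]
    parser = ResourceCollector(base_url)
    parser.feed(html)
    found = {}
    for tag, url in parser.resources:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            continue  # data: URIs and the like load nothing from the network
        host = parts.hostname or ""
        if host == own_host or host.endswith("." + own_host):
            continue
        found.setdefault(host, set()).add(tag)
    return {host: sorted(tags) for host, tags in found.items()}


# Constructed sample page: a first-party stylesheet and CDN image, an inline
# data: image, plus a tag manager, a YouTube embed and a social SDK.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/static/site.css">
<link rel="canonical" href="https://www.example-shop.test/">
<script src="https://www.googletagmanager.com/gtag/js?id=GTM-EXAMPLE"></script>
</head><body>
<img src="https://cdn.example-shop.test/logo.png">
<img src="data:image/png;base64,iVBORw0KGgo=">
<iframe src="https://www.youtube.com/embed/EXAMPLE"></iframe>
<script src="https://connect.facebook.net/en_US/sdk.js"></script>
</body></html>"""

if __name__ == "__main__":
    for host, tags in sorted(third_party_hosts(SAMPLE_HTML, "https://www.example-shop.test/").items()):
        print(f"{host}: {', '.join(tags)}")
```

The script only sees what is in the static HTML; scripts loaded from those hosts can in turn load further resources, so treat the output as the minimum set of third parties to name in your privacy notice and consent flow, and confirm the full picture with the browser's network tab.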
Understand that making the changes needed for compliance is a good thing. Your audience and your customers value their privacy, and this is your opportunity to show them that you value it as well. In the end, consumers want transparency and authenticity; complying with the GDPR helps you avoid fines, but it also protects your brand's reputation.