As a website designer/builder, I should have been way ahead of this. But as you may know, it’s complicated and time-consuming to dig through the info about this legislation.
So what the heck is this thing?
The General Data Protection Regulation (GDPR) is legislation that protects people from misuse of personal data and data breaches. It protects privacy, regulates data use, ensures responsibility, and ensures that consent is given by web visitors when any of their personal information (data) is collected.
“But I’m a small business. My website doesn’t capture data from web visitors!”
Oh, yes it does!
This legislation doesn’t mess around: web browser “cookies” are included in the definition of data, and all sites will need rock-solid Privacy Policies and Cookie Policies. (Get 10% off custom legal documents that update automatically.)
The GDPR states that if a website collects, stores or uses any data related to an EU citizen, it must comply with the following:
- Tell the user: who you are, why you collect the data, for how long and who receives it.
- Get clear consent before collecting any data.
- Let users access their data and take it with them.
- Let users delete their data.
- Let users know if a data breach occurs.
The full text of GDPR includes 99 articles (about 54,000 words and 143 pages in a Word document) that set out the rights of individuals and the obligations of organizations covered by the regulation. These include giving people easier access to the data that companies and organizations have collected about them, and a clear responsibility for businesses and organizations to obtain clear consent from the people they collect information about.
Even though this is a regulation passed by the European Union, the Internet is global and your site can be visited by anyone from anywhere…so yes, if you have a website you need to take steps to be in compliance with this law. If you’re found to not be in compliance, you can be fined up to 20 million Euros.
Yes, this is serious.
The GDPR applies to your website if it:
- Features a Contact Form
- Contains an Opt-in
- Sends Emails to Customers
- Has Google Analytics or other tracking software installed
- Collects payments
GDPR-compliant Privacy Policies and Cookie Policies: use iubenda to create legal documents customized exactly for your website (get 10% off).
Your policies are monitored by an international legal team and automatically update as needed so that you’re always in compliance. Low annual fee for complete peace of mind.
How to prepare for the approaching General Data Protection Regulation
Here’s a great article for those with WordPress websites
Email Marketing – Compliance for Opt-in Forms
- MailChimp has GDPR-compliant forms.
- AWeber’s blog article explains why GDPR is a good thing for email marketers.
If you use Google Analytics, you have received email notices informing you that you need to go into your account and confirm your Data Retention Settings before May 25, 2018. Don’t ignore these notices! If you do not do that, Google may delete some of your data collected before 5/25/18.
It will only take you a few minutes: click on the link Google sent you. You will want to learn more about it and possibly adjust your settings later. But for now, all you need to do is confirm the settings in your Google Analytics account.
Disclaimer: I am not a legal expert on the GDPR, but I can help you with the basics if you have a WordPress site.
Obviously, not every site that’s out of compliance is going to be discovered on May 26th, but as a website owner, you need to get your compliance ducks in a row.
I’ll be working around the clock over the next few weeks, helping my current clients get their websites ready.
If you need help, get in touch. I’ll take a look at your site and let you know if I can assist you.