If you spend any time online, you should have heard of the GDPR by now. Recent online privacy issues (Facebook, maybe?) have inspired European lawmakers to enact regulations that prevent businesses and individuals from obtaining personal information online for financial (or other) gain. While the GDPR governs European nations, it has ramifications for all nations today and will certainly inspire future regulations.
What is it?
The GDPR, which stands for General Data Protection Regulation, is a series of new regulations in the European Union that protect consumers’ personal information collected over the internet. The rules were approved in 2016, but went into effect in May 2018, which is why businesses are scrambling to understand the law and its ramifications.
Under the new law, companies must have the same protections for consumer browsing information, like IP addresses and data collected through cookies, that they do for consumers’ personal information, like social security numbers, home addresses and phone numbers. In case of security breaches, your company must have a verified process to protect the consumer data you have on file.
Companies in violation of the rules are subject to “penalties of up to €20 million or 4 percent of global annual turnover, whichever is higher.” Yikes. Better get that straightened out!
Who does it affect?
Any business with a website that serves consumers in the EU. Yes, this is a very broad answer, but also true. If you collect personal or behavioral data from someone accessing your website in an EU country, your business is required to comply with the GDPR.
What do I need to do now? Do I need to do anything?
You’ll need to make sure the data you mine from countries in the EU is managed correctly and that your processes comply with the GDPR regulations.
Unfortunately, none of us holds a law degree, so we’re unable to give you legal advice in this regard. However, may we suggest a few official resources to help you take the next step in compliance:
Rules for the protection of personal data inside and outside the EU via the European Commission.
General Data Protection Regulation (GDPR) requirements, deadlines and facts via CSO Online.
Yes, The GDPR Will Affect Your U.S.-Based Business via Forbes.
US companies are not exempt from Europe’s new data privacy rules — and here’s what they need to do about it via CNBC.
After discussing these new regulations with your legal advisor, you won’t have to traverse the changes alone. When you’re ready to put your plan into action, Clementine Creative Agency can help you update and maintain your online presence so you’ll always have a handle on your brand’s presence on the web.
Header Photo by Scott Webb on Unsplash