What is the GDPR?
Recently, the EU passed a set of rules known as the GDPR, or the General Data Protection Regulation. These rules were originally written to stop big businesses like Facebook, Google, Apple, Twitter, and others from saving and selling user data en masse without user approval and affirmative consent. However, they affect almost any website that’s online today, unless you’re willing to block any and all traffic from the EU.
As websites have been getting ready for the GDPR, you have likely seen or received a lot of notices about updated privacy policies, and been pestered on your favorite social media to update your privacy settings for what you allow to be shared or not.
Does the GDPR apply to you?
Probably! And if it doesn’t right now, it likely will one day in the U.S. There are some handy tools to check, such as this quiz (click here!) or a checklist such as this one (click me too!). If neither of these says the GDPR applies to your business website, you are likely safe from having to read any further. For a definitive answer, however, you may have to contact a licensed attorney.
What happens if you’re not GDPR compliant?
The data protection authorities of the European Union member states can take action against a non-compliant website, with severe fines of up to 20 million Euros or 4% of your company’s total revenue for a year, whichever number is greater. A few warnings are delivered first, so this is not a first step, but it is a steep enough fine that every company should be concerned about being compliant with the GDPR. Even if you are based in the United States, these regulations apply if you do business with, or if your website is seen by, people in European Union countries.
What does the GDPR require?
The GDPR requires many different things, the biggest of which is consent from your users if you want to log ANY data about them at all. This covers anything from their IP address and the pages they click on (for Google Analytics), to usernames and passwords for an account on your site, down to strict rules about how they can be ‘forgotten’. In short, the requirements are as follows:
In plain writing (no legal runarounds) the website must:
- Tell people who you are when you request their data.
- Say why you are processing their data, how long it will be stored, and who receives it.
- Get their clear consent to process the data. (No boxes checked by default.)
  - Collecting from children for social media? Check the age limit for parental consent.
- Let people access their data and give it to another company at their request.
- Inform people of data breaches if there is a serious risk to them.
- Give people the ‘right to be forgotten’. Erase their personal data if they ask, but only if it doesn’t compromise freedom of expression or the ability to research.
- If you use profiling to process applications for legally binding agreements like loans, you must:
  - Inform your customers;
  - Make sure you have a person, not a machine, checking the process if the application ends in a refusal;
  - Offer the applicant the right to contest the decision.
- Give people the right to opt out of direct marketing that uses their data. This includes no pre-checked boxes for email newsletters.
- Use extra safeguards for information on health, race, sexual orientation, religion, and political beliefs.
- Make legal arrangements when you transfer data to countries that have not been approved by the EU authorities.
Where can you find out more about the GDPR and what it requires?
The European Commission has published a helpful graphic on the EU site; you can find it by clicking on this link.
How do you make your website compliant with these new regulations?
That’s a great question, and a lot of people have had to hire lawyers to figure out the specifics of these regulations. There are some emerging website and WordPress plugins that can help you make your site GDPR-ready, such as this one. However, many of the early GDPR plugins charge for basic use depending on the complexity of your website and how much data you collect. StyleMixThemes offers a decent free plugin that can be added to your WordPress website from here.
We can help change your website in the small ways it takes to make it GDPR-compliant. Things such as:
- Keeping a record of all saved customer info so it can be deleted or shared at their request.
- Adding affirmative consent to website forms or tracking.
- Editing or changing privacy statements/policies to match the new regulations.
- Setting up privacy settings on any website tracking such as Google Analytics.
As we move forward into this new era of regulations and privacy rules, it’s important to stay on top of the news and what it means for your business and its online presence. We follow the top news and leading experts’ analysis of current trends so that we can help you make sure your site is compliant with important legislation like the GDPR.
If you think you’ll need help in navigating these new regulations, you can contact us here for a free consultation!