Did you recently receive updated privacy policies from all your favorite websites? Are you curious why companies around the world are suddenly changing their site’s terms and conditions? The reason why is Europe’s new GDPR law, which is influencing the internet policies of businesses both big and small.
What is the GDPR Law?
The European Union’s GDPR law, which was passed in April 2016, became effective at the end of May.
“The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU),” according to Investopedia.com. “The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based.
The GDPR is applicable to all companies that deal with the data of citizens of the European Union, even if those business are located in the United States.
How does it affect my Website?
The GDPR forces websites to strengthen their conditions of consent. Companies are no longer allowed to use vague or confusing statements when asking users to share personal data. It also prevents sites from bundling consent agreements for different services.
The European law aims to give consumers more control of their personal data. As a result, websites must alter how they are storing and allowing third-party access to that sensitive information.
Frequently Asked GDPR Questions
1) What is Personal Data?
Websites today store many types of personal data as a way to learn about and target potential customers. Common data types collected include:
- Name
- Address
- Localization
- IP address
- Cookie data
- Income
2) Who does the GDPR affect?
Technically, the GDPR law is applicable to any company that collects and/or processes the personal data of European Union citizens. However, it is having an effect on internet policy far outside Europe.
Regardless of your business location, if a citizen of the EU submits a form to your website, you must handle the data collected within the regulations of the GDPR.
3) What are the Penalties for Non-compliance?
Businesses who fail to comply could receive serious penalties. The European Union could seek to collect up to four percent of your annual global turnover or 20 million euros ($24.6 million), whichever is larger.
3 Steps to GDPR Website Compliance
1) Understand how your Website is Collecting and Using Data
First, you should understand where and how your website is storing personal data. For example, does your website have applications or tools that request information about potential customers? If so, the GDPR may apply to you.
2) Reevaluate and Document your Data Collection and Usage Processes
Next, learn more about the security measures you currently have in place to protect personal data. Now, may be the time to update them. If you are storing data internally, you should set a policy to purge data at regular intervals.
3) Update your Privacy Policy
Then, you will need to update your privacy policy to put it in line with the GDPR. Your new privacy statement could include:
- A description of personal data collected
- Explanation of customers’ rights to their data
- Information about how a security breach would be handled
Although the GDPR is technically a European law, it has already proven to have far-reaching influence. It’s highly recommended that your company take this opportunity to revisit how it deals with personal data collection.