You might have noticed that around the 25th of May, your inbox was flooded with updated privacy notices from websites that you use every day and some that you used once 6 years ago when you needed to download that free thing for work and they required an email address. While this may come as a surprise, the websites didn’t all collude to flood people’s inboxes.
You can thank the European Union.
The EU passed a huge regulatory law in 2012 on data protection, and it officially took effect on May 25, 2018. Here’s Wikipedia’s description of the GDPR:
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
So what exactly is the GDPR?
The GDPR is a new set of rules that gives EU citizens more control over their personal data through a variety of reforms. It applies to any person or business that offers products or services to EU citizens, wherever that person or business is located (so basically every website ever). Under the GDPR, personal data includes name, address, photos, IP addresses, medical and genetic information, biometric data, political opinions, gender preferences, and more.
NileHQ has summarized the regulations into 6 concise themes:
1. Know what you have, and why you have it
2. Manage data in a structured way
3. Know who is responsible for it
4. Encrypt what you wouldn’t want to be disclosed
5. Design a security-aware culture
6. Be prepared – expect the best but prepare for the worst
As companies scramble to become GDPR compliant (and thus avoid the very steep EU fines for non-compliance), they are notifying their customers of changes to their data management and privacy policies. That’s why your inbox is getting hammered lately.
What does this mean for you?
If your website is visible in the EU, you are probably affected and need to become GDPR compliant sooner rather than later. You might not need to do any more than update your privacy policy, add some consent buttons to your forms, and notify your email subscribers that you will continue emailing them. But you may want to retain an attorney or GDPR consultant to help ensure that you are in compliance.
The High Road Agency takes data protection laws very seriously and has been rolling out GDPR compliance to our clients. If we can help you update your site, give us a call.
In the meantime, here are some resources for reading up on the GDPR: