The GDPR has been taking the world by storm and affects websites, newsletters, and many other aspects of doing business online. It is important to understand what the new regulations mean and how you can make sure you are compliant. Doing so will make it easier for you to do business with those in the EU, regardless of where your business is located.
What is the GDPR?
The GDPR (General Data Protection Regulation) is a data protection reform that is taking place across the European Union in order to fit the needs of the digital age. It is a framework that’s designed to help consumers protect their privacy more effectively regarding the data that is shared online and potentially stored by websites and online businesses.
The GDPR establishes standards that need to be followed. The reason for the standards is to avoid data breaches and for people to know more about what kind of information is being stored about them, ranging from full names and phone numbers to IP addresses and credit card numbers.
Who must follow the GDPR?
The GDPR must be followed by any business that operates in the European Union as well as businesses and organizations that may have customers in the European Union. This impacts everyone around the world simply because of the way the Internet works. Anyone in the European Union who visits a website outside of the EU should still have the same privacy, which means that any business or organization that maintains a website should adhere to the GDPR since there is always a possibility of an EU resident landing on a website.
Additionally, it’s important to know that the GDPR imposes specific obligations. These include maintaining records of the personal data held and understanding how it is processed. The regulation also places a higher legal liability on a business or organization if the data it holds is breached.
What needs to be done?
There are several things that will need to be done to adhere to the GDPR. The first is to understand what counts as personal data. This includes IP addresses, sensitive personal data, and biometric data. Anything that could identify an individual is considered personal data under the General Data Protection Regulation.
There are several things that may need to be adjusted on a website:
- Site visitors need to be informed of cookies, the capturing of IP addresses and any other data collection. Further, they have to opt in through an affirmative action; a pre-checked box does not count as consent.
- Site visitors/customers should be able to opt-out at any time
- Any data stored on a customer needs to be clearly identified
- If a customer requests to know what information is stored on them, a business/organization will need to provide the information
The goal is to establish trust between the site visitor/customer and the website. This ensures that someone can use a website and know what is being collected. If someone doesn’t want a cookie placed in their browser or their IP address collected, they have the ability to opt out.
Further, businesses/organizations have to do their due diligence in safeguarding all of the information that has been collected. If at any point there is a breach in which the data has been accessed without authorization or any of the data has been lost, the business/organization will have reports to complete under the new regulations.