To the Point: What You Need to Know About the GDPR
For those who frequent the internet, the last two weeks of May 2018 were witness to a slew of privacy updates. They came in the form of emails and site overlays from what seemed like every domain.
What might not have been clear at first, and may still be foggy for you, is that a critical date has passed for compliance. If you’re a site owner, don’t panic, not yet.
The change in privacy rules, as outlined by the European Union, protects citizens of the EU from data breaches. Not every site has to be compliant, not immediately, but it might be a good idea to get there soon.
This brief will cover what exactly the GDPR is, and why you should care or IF you should care, and what you should do when you finish reading.
It’s a quick read because you are a busy person.
What is the GDPR?
The General Data Protection Regulation or GDPR replaces the former Data Protection Directive (Directive 95/46/EC) passed by the European Union (EU) way back in 1995. Since that time, there have been a few changes to the internet so the EU felt it time to update the regulations.
The GDPR takes its cues from the headlines outlining data breaches in the last decade or so, not so much from the more recent data breaches you’ve seen with Facebook. The good news for users is that these updates will protect them more from the sort of oversights that happened with Facebook, hopefully.
For you site operators, the good news is that you won’t likely have to overhaul your site and policies as much as Facebook to be compliant.
The reason?
Few domains collect and sort as much personal data, but back to the GDPR…
Which data applies to GDPR?
In general, specific and personal data connected to users and collected by websites falls into this category. Without knowing specifically what that data entails, most folks can figure it out by considering what of their personal information they’d least like available via a Google search.
Start with the obvious:
- Name
- Contact information
- Map coordinates
- IP addresses
- Political party
- Religious ideology
- Blood type
That is nowhere close to a complete list, but you get the idea. Sites are still able to collect and analyse these data.
Heck, sites can even use personal data to customize ads or content based on that data, but they must make it super clear to the users. They also have to give users the autonomy to decide how and when sites can use their private data.
The key concept for sites that collect personal user data is transparency. Users cannot suffer any lack of clarity about what you collect, and what you do with it.
Nor can sites keep users from opting not to let them do what they want with that data. That includes the right to completely delete oneself forever from a given site’s database.
Which sites should panic about the GDPR?
If this is the first you’re reading about the GDPR, it’s unlikely that you’re in trouble.
The most visible sites are large sites collecting unique personal data from their users. They’ve all been on this since April 2016 when the European Parliament and Council agreed upon the terms of the GDPR.
If you’re just starting out, you have time to get in line. Even better, if your site doesn’t do business with or collect the data of European Union users, you have nothing to worry about until that status changes.
That said, if you intend to grow that direction, compliance with the GDPR directives now would be a good idea.
But, panic? No.
What to do right now?
Regulators understand that smaller companies will struggle to get up to speed, but there will be a time when they start bringing down the hammer.
Don’t wait until the eleventh hour to consider these three easy questions…
- Am I doing business in Europe? It wouldn’t be a bad idea to make whatever effort you can to get compliant this week, especially if you do business in the EU.
- What data does my site collect now? A good place to start would be making a list of all the data you collect from your users.
- May we start collecting other data soon? While you’re at it, consider your plans to scale your business in the near future. The GDPR will not likely go away, so start planning to get ahead of that collection now.
In reality, users expect the spirit of the GDPR regulations anyway. If they don’t, they will soon. Transparency and control are not going away. Privacy and breaches are on such thin ice, you can’t afford to be on the wrong side of the matter in any country.
If you have a legal consultant for online business matters, this would be a good time to check in for professional advice. At the very least, you’ll rest better knowing you’ve taken the best advice you can on the matter.
This post was written by Damon Mitchell