The General Data Protection Regulation (GDPR) is a regulation in European Union law on data protection and privacy for all individuals within the European Union and the European Economic Area. The goal of GDPR is to give control to citizens over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

Does my website need to be GDPR compliant?

It depends. If you run a mom-and-pop shop in the middle of Kansas, you probably won’t be servicing any European customers anytime soon. However, if you sell internationally, or even collect any data from anyone living in the European Union, then you must become GDPR compliant.

If you are unsure if your website needs to be GDPR compliant, consider consulting with an attorney who understands the law.


What happens if my website is not GDPR compliant?

If your site does not comply with the GDPR you may receive a written warning for your first offense, or any offense deemed to be an unintentional violation of the GDPR. Subsequent offenses can be fined, with fines costing millions of dollars for very large international businesses.

Since the law just went into effect, we don’t know for sure exactly how the sanctions of this law will be enforced. Smaller businesses will probably stay under the radar for the most part, with a written warning being the most likely punishment.

Some large US-based websites are currently unavailable in the European Union while these companies work to become GDPR compliant.

How do I know if my site is GDPR compliant?

For starters, make sure you have an up-to-date privacy policy that explains what user data is collected from your website, how it will be used, how long it will be stored, and how the user can have their data removed.

Be sure any data you collect is securely stored, and can be deleted once it is no longer needed or the user requests its deletion.

Ensure features such as newsletters and subscriptions are opt-in only. For example, if your contact form has an option to subscribe to your newsletter, it should be UNCHECKED by default. Any newsletter or subscription should have an option to easily opt-out.

Consider hiring a professional if you do a lot of business in the European Union to ensure you are following all GDPR protocols. Failure to do so could cost your business millions of dollars, and hurt your reputation severely.
