What is GDPR – General Data Privacy Regulation and What it means for online businesses.
What is GDPR?
GDPR is an extensive set of regulations that gives citizens who live in the European Economic Area (EEA) and Switzerland more control over how their personal data is collected and used online. GDPR introduces a lot of new rules and if you’re up for a little light reading, you can check out the full text of the regulation online. But here are a few of the most significant changes:
Read the complete GDPR here. Trust us, it is very, very long.
The important improvements are below.
- Be more transparent about personal data
Companies that collect personal data are forced to be more transparent about the data they collect and how it will be used.
People must also be told clearly what data is collected and how it is collected, and companies may only collect information that is relevant to the purpose they advertise. If a company later decides to use the data for a different purpose, it needs to obtain permission from each person again.
- Communicate clearly with consumers
People have to take an affirmative action to express their intent to hand over personal details.
No pre-ticked checkboxes: a pre-ticked box lets simple inaction give up your data unintentionally.
- Companies need to be able to provide proof of the steps they take to be GDPR compliant.
- The collected personal data must be protected.
GDPR requires companies to inform consumers of a data breach within 72 hours. If the breach happened because of non-compliance, a company can be fined heavily: as much as €20 million or 4% of the company’s annual global revenue, whichever amount is greater.
- Users’ right to be forgotten
Do non EU businesses need to worry about GDPR?
Just because your business isn’t based in Europe doesn’t mean you don’t need to implement GDPR. If a company is based outside the EEA but conducts business in Europe, collects data about European users, markets itself in Europe, or has employees who work in Europe, GDPR applies to it too.
This only scratches the surface of GDPR. Some businesses use people’s personal data heavily for their marketing; those companies will be affected most, since many clauses in GDPR are designed to uphold the rights of citizens.
What do I do about GDPR?
If you are not sure how GDPR affects your business, talk to your legal advisors first. Then, together with them, consult your IT experts to evaluate your situation and take immediate and long-term remedies to get into compliance.
May 25th, 2018
This is the date GDPR comes into force. If you are not sure whether your site will be compliant by then, a wise move would be to temporarily shut the site down to the public and work on getting into compliance.
What are the main things to check on my site for GDPR?
- Make Google Analytics settings GDPR compliant
- Update Privacy policies, forms, & cookie notices as required by GDPR.
Declare all the cookies used and their purposes.
- No re-marketing to referrals.
- Email marketing – only clearly double opted-in email addresses. Inform people clearly and give them a way to opt out.
No pre-ticked subscription checkboxes on signup forms.
- Gated content – there are specific instructions to follow. Please read more about this.
- Google Adwords – Consent required to show personalized ads.
- Third-party plugins that may use your customers’ data –
e.g. a payment gateway might store your users’ location and bio-data. If the gateway is not GDPR compliant, neither are you.
Disclaimer: This is not a complete guide to getting your site into GDPR compliance. Please read the full text of GDPR here for a complete understanding. It is a difficult task to understand and implement GDPR by oneself without professional help, especially when your website is complex.
Please get a legal adviser and your webmaster / IT manager to work on GDPR and continuously monitor your compliance to stay out of trouble.
We will be updating this article when we collect more information. Please check again soon.