Many people and organizations are scrambling to understand what the GDPR is and what they should be doing.
What is the GDPR?
Basically, it is an approach to give control to individuals concerning their personal information and how it is shared with businesses. What personal information are we talking about? Any information that can be used to identify an individual. This includes:
- ID number
- IP addresses
- Browser cookies
- Mobile device IDs
- Any information relating to physical, physiological, genetic, mental, economic, cultural or social identity
GDPR is the acronym for the General Data Protection Regulation, which is required by the European Union (EU). This new regulation determines how personal data of European citizens can be used by businesses. It will go into effect on May 25, 2018. The GDPR has an increased territory scope, new penalties and a clearly defined consent.
What is the territory scope of the GDPR?
“First of all, I don’t live or work within the EU so why should I care?”
What are the penalties for the GDPR?
The GDPR clearly identifies the penalties an organization can be held to if a breach of regulation is found. It is a tiered system with the maximum fine up to 4% of annual global turnover or 20 million Euros.
A clearly defined consent
Companies can no longer use drawn-out legal terms and documentation to communicate their policies. They must now use a clear and concise method to inform individuals of their intent concerning any personal information. This consent can be through a simple form provided by the business to the individual.
What should you be doing?
Available GDPR Resources
We realize that you may have questions or need direction in gathering more information. We’ve compiled a short list of resources to help you and your organization.
The European Commission has provided a useful guide that outlines the GDPR and steps needed to be compliant.
Update to WordPress
MailChimp has outlined the GDPR and provided useful resources to help track and identify individuals who may fall within the required consent. They are also providing a useful consent form that can easily be embedded into any website.
If you currently use any Google resource, you should have seen their policy update emails within the past few weeks. In addition to their policy changes, they are also modifying how certain data is retained. You have control over this and can modify it so that it reflects your internal policy.