Many people and organizations are scrambling to understand what is the GDPR and what should you be doing?
What is the GDPR?
Basically, it is an approach to give control to individuals concerning their personal information and how it is shared with businesses. What personal information are we talking about? Any information that can be used to identify an individual. This includes:
- Name
- ID number
- Location
- IP addresses
- Browser cookie
- Mobile device IDs.
- Any information that can physical, physiological, genetic, mental, economic, cultural or social identity
The GDPR is the acronym for the General Data Protection Regulation that is required by the European Union (EU). This new regulation determines how personal data of European citizens can be used by businesses. It will go into affect on May 25, 2018. The GDPR has an increased territory scope, new penalties and a clear defined consent.
What is the territory scope of the GDPR?
“First of all, I don’t live or work within the EU so why should I care?”
One of the biggest misconceptions is that the GDPR only affects EU businesses. The truth is it not only covers European based business but anyone processing the personal data of EU citizens. So, this means if you use any personal data from contacts contacts that are citizens of the EU then you should be updating your privacy policy to include the GDPR.
What are the penalties for the GDPR?
The GDPR clearly identifies the penalties an organization can be held to if a breach of regulation is found. It is a tiered system with the maximum fine up to 4% of annual global turnover or 20 million Euros.
A clear defined consent
No longer can companies use drawn out legal terms and documentation to communicate their policies. They now must use a clear and concise method to inform individuals of their intent concerning any personal information. This consent can be through a simple form provided by the business to the individual.
What should you be doing?
Before you do anything, you should contact your legal authority and ask them to review your current policy. The rules laid out by the GDPR clearly identify that any business that has collected personal data in the past, currently or in the future will have to update their privacy policy. In addition to the policy it may be necessary to have a consent form available to individuals within the EU.
In addition to updating your privacy policy, it is encouraged that you reach out to any third-party company that you use to collect any data. This could be a database, credit card process or other resource that collects or houses personal information for you. Major companies have already updated their policies and you may have already seen these notifications. Regardless, it is still a benefit to you if you understand your role and whether or not you need to do anything else.
Available GDPR Resources
We realize that you may have questions or need direction in gathering more information. We’ve compiled a short list of resources to help you and your organization.
European Commission
The European Commission has provided a useful guide that outlines the GDPR and steps needed to be compliant.
Update to WordPress
The latest WordPress update has added 95 maintenance improvements including tools to enhance privacy and control over user data. It even contains a guide on how to write a privacy policy.
How to add a privacy policy
Privacy policies are required by law and its important to know what goes into one. This is a useful article that outlines how to add a privacy policy on your own.
MailChimp
MailChimp has outlined the GDPR and provided useful resources to help track and identify individuals that may fall within the required consent. They are also providing a useful consent form that can easily be embedded onto any website.
If you currently use any Google resource you should have seen their policy update emails within the past few weeks. In addition to their policy changes, they are also modifying how certain data is retained. You have control to modify this as it reflects your internal policy.
