Now, bear with me because this blog is about to be a beast. There’s just way too much information and too much on the line for this to be your standard, scannable blog content. Now let’s discuss the newest Big Bad Wolf of the digital industry: GDPR (General Data Protection Regulation).
What Is GDPR?
I’m assuming (or at least hoping) by now you’ve heard of GDPR and what it entails. Here’s a quick snapshot of the new regulations:
- Specifically targets how businesses utilize European user data, including credit card information, email addresses and even photos.
- Fines for non-compliance can be upwards of €10 million (approx. $13,353,400) or 2% of a business’ annual revenue.
- Will still impact and regulate businesses and websites outside of Europe.
But I’m In The United States…?
This point deserves a bit more attention than just a bullet in a list. Because the internet operates globally and websites can be accessible by all, regardless of their country of origin, all websites with the potential to reach European users must be compliant.
“This regulation applies to the processing of personal data … in the Union, regardless of whether the processing takes place in the Union or not.”
— GDPR Regulation, Article 3
- Get Organized: First things first, find your data. All of it. Organize every piece of user information you have in order to get a full grasp of the types of data you’ve collected, how you have used or plan to use it and how long you intend to keep it.
- Reach Out: If you have collected information from users in the EU, reach out to confirm that users are actively consenting to your business accessing/holding their information. If they do not consent, you must delete their information prior to GDPR taking effect.
- Create New Policies: Now that you’ve organized what you already have, start to create policies and plans for future data capture. This includes active opt-ins for both cookies and any additional information capture.
- Document Everything: Document all of your GDPR compliance efforts in case there is any scrutiny into your efforts.
There is so much more that goes into GDPR than we were able to include in one blog post. Please, stay informed and read up on all the nitty-gritty details of what’s needed to be compliant. Below are a few helpful links to aid you in your efforts.