What You Need to Know About General Data Protection Regulation (GDPR)

What is the GDPR?

The General Data Protection Regulation (GDPR) establishes a strict guideline, passed by the European Union (EU), on how data collection has to be processed and controlled. This new protection law increases safeguards for individual’s data rights and generates more transparency on the web.

Essentially, companies doing business in the EU now must disclose to individuals how their personal data is being used by websites and provide the ability to stop their data from being collected. Another key aspect of the law requires companies to delete any previously collected data when requested.

How does this law affect businesses in the United States?

This law applies to any organization that processes or collects personal information from an EU resident. Non-compliance to this law could potentially lead to fines up to $20 million Euros or 4 percent of annual revenue, whichever is the higher amount.

We believe it is in the best interest of every business and organization to become GDPR compliant for several reasons. First, companies build a strong rapport with customers when they proactively operate in a way that protects the customers’ privacy and interests.  The alternative requires a company to block all traffic from European visitors, a logistically difficult and expensive task. Accordingly, United States’ businesses should strive for GDPR compliance to protect customers and to avoid getting fined.

What is considered personal information?

The GDPR defines personal information as “an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

Basically, this means personal information is any information that can be related back to its source person.

What if an EU resident or person in the EU happens to look at your site or business, could you potentially be fined?

Probably not. Businesses or organizations that explicitly target customers or users in the EU will fall under the GDPR guidelines. Businesses or organizations who have unknowingly collected personal information from EU residents will likely be forgiven, but the motives of businesses or organizations will be determined by the E.U discretionary courts. So, that’s when the law becomes somewhat subjective.

How can a company become GDPR compliant?

There are four basic steps to becoming GDPR compliant.

1. Know where the information from your site gets stored.
2. Identify and categorize the personal information you take.
3. Label each piece of data, where it is stored, and who can access or see the data.
4. Inform the public.

The GDPR says the information you provide must be transparent, concise, and easily accessible. A company’s privacy policy should inform consumers about the data collecting on their site. It should include items such as:

• What tracking solutions and third-party systems you are using
• How long will the cookies last?
• Are you using email solutions?
• Are you using google analytics?
• Where can they opt out?
• Where can they delete personal information of them?
• How will you document the deletion?
• How will the data be deleted?

It is also recommended to create a privacy notice. The privacy notice informs consumers that you are making an effort to be GDPR compliant. The privacy notice should answer questions such as:

• What information is being collected?
• Who is collecting it?
• How is it being collected?
• Why is it being collected?
• How will it be used?
• Who will it be shared with?
• What will be the effect of this on the individuals it concerned?
• Is the intended use likely to cause individuals to object or complain?

Finally, you need to provide a tick box allowing consumers to check; Yes, I accept cookies, or no, I do not accept cookies on your website. This option gives a clear intention that your consumer’s consent matters.

GDPR Compliance Shows You Put Customers First

While GDPR seemed burdensome at first, we understand it is an effort to protect customers and individuals’ data rights. Compliance simply shows our customers that we value them and the information they choose to share with us. These steps are something the public generally desires anyway, so we value the chance to meet their needs.

If you have questions about specific aspects of GDPR and how to meet these guidelines, feel free to contact one of our specialists and investigate steps toward compliance and increased customer satisfaction.