YES, And…

THE LYONS & SUCHER BLOG

GDPR: A European Law With Big Consequences On All Websites


G.D.P.R. – These four letters are about to change the way we handle website data & personal privacy around the world. General Data Protection Regulation (GDPR) is a landmark privacy law that goes into effect in the EU (European Union) on May 25, 2018. This law is designed to expand the data privacy protections of individual persons located in the EU at the time the data is collected on ANY website that markets to, tracks, or handles their data.

If This Is an EU Law, It Doesn’t Affect My U.S. Business, Right?

Wrong. GDPR is umbrella-protection for individual persons located in the EU at the time the data is collected, even if the companies they do business with are outside of the EU. If you receive traffic from individual persons within countries in the EU, you are subject to the guidelines of this new law.

I Don’t Actively Market to EU Customers. Does This Still Concern Me?

If you are not actively blocking traffic from the EU, then there is a chance you will receive traffic from someone located in an EU country. You should take the necessary steps to comply with the law.

How Important Is GDPR? What Are Some Of The Consequences of Non-Compliance?

Because this law is just rolling out, the true ramifications of non-compliance remain to be seen. However, lawmakers and privacy advocates in the EU are taking this very seriously. Facebook and Google were hit with $8.8 billion in lawsuits on the day this law went into action. Though it is likely the main targets of such scrutiny will be big data companies with a large presence in Europe, we are all under GDPR’s jurisdiction.

What Should I Be Doing to Prepare For GDPR?

Here are a couple of questions you should ask yourself, and some steps you should take:

  • Figure out what type of data you are collecting on your website. This could be anything from personal information from sign-up forms, to cookies you are placing on individuals’ browsers so you can remarket to them.
  • Have a clear, concise privacy policy written out on your website, explaining to visitors how you use the data you actively and passively collect on your website. For example, if you are placing cookies for remarketing purposes, explain how you will use those cookies.
  • Decide how you will ask visitors for permission to use their data. This could be in the form of a pop-up window they see when they first hit the website, or a banner that “floats” throughout their browsing until they give you consent.
  • Install and maintain SSL (TLS) encryption to protect individuals’ information in transit to and from your website, along with other safeguards to protect the information that is stored on your server.
  • Talk to your lawyer about the specifics of the law and how it could affect your business.

Still Got Questions?

While we’re not lawyers, I think the above information is enough to get you started. GDPR is revolutionary, and its impact will take some time to be fully appreciated. However, now’s the time to prepare. If you have any questions, reach out to us today for some directions on what your next steps should be.