GDPR… what?
You may have noticed that lately you have been receiving emails from various companies sharing their ‘new transparency’ privacy policies and terms of service. You may already know about these changes, or you may be thinking, ‘why do I keep getting all these?’
Well, if you own a website, this affects you even more. First, what is GDPR? It stands for General Data Protection Regulation, and it goes into effect on May 25, 2018. The EU (European Union) passed this data privacy regulation two years ago; it is meant to support privacy as a fundamental right and gives EU residents rights over their personal data.
You might, at this point, say “wait a minute, I don’t live in the EU.” While this may be true, the U.S. has decided to support this policy in order for U.S. citizens to become compliant with these regulations. (It is aimed more at big businesses who have a presence in the EU. This does not currently affect U.K. citizens due to Brexit; however, they are working on a similar policy for their country.) In other words, we should have the right to our privacy too, but only because the EU is forcing it on us: if one of their citizens comes to one of your sites and you haven’t outlined what information you are collecting, why you are collecting it, how long you plan to keep it and what you are using it for, then you can be in violation of the regulation and could be subject to fines of up to €20M or 4% of your company’s annual worldwide revenue, whichever is higher.
This means you must allow EU residents to control access to the information you hold on them: to remove, revise or correct it; to be permanently removed from your database when or if they choose; and to request limited use of their personal data. If they don’t want to be included in the analytical data you are collecting or in targeted marketing, they have the right to tell you to remove them, and you must do it. Since it is currently difficult to tell where your visitors are coming from because of VPS and VPN use, it is easier to allow everyone to modify that information. You just have to have a privacy policy and terms of service statement that notifies your website visitors of their rights.
There is a lot of information out there that discusses these issues. Even though you are based in the U.S., if an EU resident comes to your website, you are required to meet the regulations. As an example, if a person signs up for your mailing list, you need to have a place where they can check off whether they are agreeing (consenting) to opt in or out, and that they have read and understood your T.O.S. (Terms of Service) and privacy policies.
According to the European Commission, “personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
Other helpful reading:
http://www.wpbeginner.com/privacy-policy/
Website designed by Dynamic Graphics Website Development, Sequim, WA
(c) 2017