Have you noticed the slew of emails hitting your inbox with updates to Privacy Policies yet?
That's because the new General Data Protection Regulation (GDPR) comes into force on May 25, 2018 and if you have a website, you're going to want to read this to avoid hefty fines.
Here's what you need to know to ensure your website is GDPR compliant.
Disclaimer: Nothing on this website should be considered legal advice. We are marketers, not lawyers.
1. GDPR applies to every organization and businesses across the globe (not just in the EU).
2. After May 25, 2018, fines for non-compliance are set at up to 4% of a company’s annual global revenue OR €20 million (whichever is greater).
3. The GDPR is 200 pages long but in a nutshell, GDPR is supposed to protect public users data and hold businesses to a higher standard for how they collect, store and use that data.
4. Personal data that is protected includes: name, emails, physical address, IP address, health information, income, etc.
5. Most websites already collect personal data or use integrations that collect data, like email marketing software, social media pixels, Google Analytics - all the data marketers use to create, execute and track campaigns.
6. To make sure your email and website is GDPR compliant, you want to follow these 3 main aspects of the GDPR:
1) Get explicit consent for communications (no spamming people please!),
3) Report any breaches of data collection, storage or use within 72 hours to appropriate authorities (no cover ups)
7. No matter what, be sure to check in with a lawyer to get specific info for your business on GDPR compliance. For example, depending on the size of your organization you might need a data protection officer.
8. Being GDPR compliant basically makes the internet a better and more transparent place for everyone, so it's worth the time.
As GDPR rolls in, everyone will be making important changes to Privacy Policies and Terms of Service. Before issuing fines, it's likely that if you make an effort to become GDPR compliant, any non-compliance with GDPR would most likely result in a reprimand or warning.
GDPR is new for everyone so there's a learning curve as digital practices come up to speed with new data rules but all in all, it's aimed at making the internet a safer and better place for everyone.