The General Data Protection Regulation (GDPR) is a data-protection and privacy law covering all individuals within the European Union and the European Economic Area. In other words, GDPR is an EU-wide regulation that controls how companies and other organizations handle personal data.
“Even though it’s an EU regulation, organizations and website owners everywhere in the world need to pay attention!”
Why does GDPR compliance matter?
The GDPR was created to strengthen the rights of EU citizens regarding the collection and use of their data. The GDPR applies to:
– Any business or organization that offers goods or services, paid or free, to data subjects in the EU;
– Any monitoring of the behavior of data subjects in the EU.
A data subject is any person who is in the EU, whether as a citizen, a resident, or simply a visitor. The regulation applies both to data controllers (those who decide why and how personal data is processed, typically the party collecting it) and to data processors (those who process data on behalf of a controller, such as a hosting or analytics provider).
So, as you can see, this doesn’t just affect websites that are EU focused; it applies to any website that potentially serves EU customers or tracks behavioural data related to them. According to the text of the regulation, simply having a website that’s accessible to EU data subjects doesn’t make you subject to the GDPR. However, the intention to provide services to people there or to track their behaviour (for example, for advertising) does. Failure to comply could cost you (or your client) up to €20 million or 4 percent of annual worldwide turnover, whichever is higher.
You might be wondering how an EU data protection authority (DPA) could go after businesses outside the EU that don’t comply. At present, the answer isn’t spelled out, but experts say it’s plausible that the DPA could seek legal remedies and successfully shut down a non-EU service that’s violating the law. Then there’s the matter of those fines. Why risk becoming a test case?
What does GDPR cover?
GDPR lays out rules for the collection, use, and storage of personal data. The regulation:
– Gives individuals eight specific rights regarding their data.
– Lays out principles for protecting user data, incorporating data protection by design and by default, and reporting data breaches to the supervisory authority (within 72 hours of becoming aware of a breach, where feasible).
– Specifies requirements for accountability or your responsibility to demonstrate that you comply.
In short, you must abide by the individual rights, ensure that you are properly securing personal data, and be able to document how you are doing so.
What is the definition of personal data?
Personal data is defined as any information relating to an identified or identifiable living person, directly or indirectly. It includes things such as a name, photo, email address, personal bank or medical details, location data, online identifiers such as cookie IDs, or a computer’s IP address.
What does the GDPR mean for my website?
As a website and business owner who is offering services in the EU and using or processing any kind of personal data, you need a lawful basis for that processing. For website tracking and marketing this is usually the visitor’s prior consent (GDPR also recognizes other bases, such as performance of a contract or legitimate interest, but these rarely cover advertising and analytics cookies). To obtain valid consent, you need to describe the extent and purpose of your data processing in plain language to the visitor before processing any personal data, and the consent must be freely given, specific, informed, and unambiguous, with withdrawing it as easy as giving it.
All consents must be logged as proof, and all tracking of personal data, including tracking by embedded third-party services, must be documented, including the countries to which data is transmitted.
How can we help you?
We can help you by developing a solution (plug-in) tailored to your needs that meets the requirements of the GDPR. This plug-in automates GDPR compliance for websites with respect to tracking and consent. It also enables you to monitor and document tracking on your website, display the relevant information to your website visitors, and automatically obtain and log all user consents. Just write to us at [email protected] and let’s talk!