Beginning on May 25, the General Data Protection Regulation (GDPR) will come into effect across the European Union. Adopted by the European Parliament in April 2016, the GDPR was designed to specify how customer data should be used and protected. It replaces the Data Protection Directive established in 1995 and harmonizes all data privacy laws across Europe.
What is it?
Designed to give individuals more control over their personal data, the GDPR also addresses the export of personal data outside of the EU. According to CNN, the regulation was drafted long before hacks, security breaches and data leaks became a common occurrence, and GDPR aims to combat them by expanding and updating data rules that have been in place since 1995.
It focuses on the following concepts:
- Consent - GDPR requires that data processors obtain consent for all data use, and terms and conditions must be written in clear language. You’re also required to allow users to withdraw their consent as easily as they gave it.
- Breach Notifications - In the event of a data breach, data processors must notify controllers and customers of any risk within 72 hours.
- Right to Access - Data subjects have the right to obtain confirmation from data controllers of whether or not their personal data is being processed. Data controllers must be able to provide a free electronic copy of all personal data to data subjects.
- Right to be Forgotten - Data controllers must erase all personal data and cease its dissemination at the data subject’s request as long as the data is no longer relevant to its original purpose.
- Data Portability - Individuals can obtain and reuse their personal data for their own purposes by transferring it across different IT environments.
- Privacy by Design - Data privacy must be included from the outset of system design, implementing appropriate technical and infrastructural measures.
- Data Protection Officers - Professionally qualified officers will be appointed in public authorities or large organizations (>250 employees) to monitor or process sensitive personal data.
What does it mean for you?
If you are an EU consumer, you can expect to see more privacy warnings and consent requests. According to CNN, the new rules mean that “tech companies can no longer assume users want to hand over their data. Companies must now count on the opposite and reflect that in their services and products.”
One example of this would be mailing list sign-ups. Rather than companies automatically signing a user up for their mailing list and then offering an unsubscribe option later, companies now have to clearly seek consumer consent ahead of time. CNN reports that some companies are already asking consumers if they wish to remain on email marketing lists.
These changes were designed to create safeguards for consumer data rights and inspire trust and confidence within the digital space for EU citizens.
Who does GDPR affect?
The new legislation applies to any and all businesses involved in processing the data of citizens within the EU, regardless of whether or not the organization resides in the EU. It is thought to be the strictest data framework currently in existence.
Businesses found non-compliant with the new law can face hefty fines. European regulators can impose fines of at least €20 million ($25 million) or up to 4% of annual global sales.
What Can You Do?
- Clean Up - Remove all plugins and add-ons you’re not currently using. Take a closer look at the plugins and add-ons you are using and make sure they’re preparing for, or already meet, the new GDPR standards.
- Check Your Hosting - Make sure your current hosting is GDPR compliant. If you’re on shared hosting, ask your current hosting provider what the updated policy is regarding their server software and how often they check on their key software packages.
- Inform Your Visitors of Cookies - Website cookies collect and store data, whether to help target users with ads or, in the case of functional cookies, for things like analytics tracking. Make this clear to your users before placing any cookies by obtaining informed consent, such as through a pop-up that explains what each cookie does.
- Keep Your Team Involved - Inform your team of the changes coming and make sure everyone is aware.