Over the past few months we have been inundated with questions and concerns regarding the new European Union law ‘General Data Protection Regulation’ also known as GDPR. I’ve decided to put this content together to help clients understand the new regulations and what requirements are needed to make your website compliant.
Q: What is GDPR?
A: At its core, GDPR is a new set of rules designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy. The reforms are designed to reflect laws and obligations – including those around personal data, privacy and consent in the internet digital age.
As of Friday May 25th, 2018 the European Union GDPR law went into affect for websites to be compliant with user data collection, tracking and user consent.
Q: Does my business being in the United States require to be GDPR compliant?
A: Yes and most likely probably. If your company or website has the ability for global business including collection of data, lead generation or sales from EU customers your website needs to be GDPR compliant. This includes eCommerce, hospitality reservation booking, physical or digital sales or service/sales leads outside of the United States. However if your business provides only local services (inside the United States) it is still recommended for best practice to be GDPR compliant. Having only a privacy policy or terms of service included in your website does NOT make it GDPR compliant.
Q: What can happen to by business NOT being GDPR compliant?
A: The EU law has specifically defined fines that can include from €10 – 20 million, or 2% – 4% of worldwide annual revenue.
Q: What is required to be GDPR compliant?
A: Below is a high level break down of website and data requirements from the EU for GDPR compliance. This is only a brief description and list requirements. Please visit the EU GDPR website (below) for complete details.
- Clear website integration of a ‘Privacy Policy’ and ‘Terms of Service’.
- Clear user notification of ALL website cookie tracking.
- This includes option to accept or deny (turn on or off) website cookie(s).
- Example of usual website cookies include – Google Analytics, Google Adwords, Facebook pixel tracking, campaign tracking, social media sharing (AddThis), etc.
- User consent of data collection/retention.
- Requirements include ‘Contact Us’ forms, Email campaign sign-ups, membership accounts, user blog comments, eCommerce purchases, prizes or giveaways (sweepstakes), etc.
- Provide option for users to unsubscribe from email campaign lists.
- Provide option for users to request collected data.
- Provide option for users to delete any collected data.
- Provide option for users to contact DPO (Data Protection Officer), usually the site administrator.
- Provide global email notification system to users for any data breaches.
Q: Will the United States be passing any laws similar to GDPR?
A: As of today there are no U.S. law requirements similar to GDPR. However, privacy concerns and data collection will continue to be an issue for ALL websites. Using best practices for data protection and user consent are recommend for any website moving forward.
Q: Are there other GDPR options I can consider for my website?
A: Currently, some of the GDPR laws are not clearly defined in a technical aspect. There are no programming guidelines or definitions for the usage of check boxes, pop-ups, links, HTML code, etc. Large online companies are spending millions on GDPR compliance and continuing to improve data protection for users and business policies. However some companies are considering blocking IP address located in the EU from visiting U.S. websites. This option is NOT recommended and only a temporary fix. This option will also not work for computers connected to VPNs (Virtual Private Networks) or proxies masking IP addresses.
Q: Where can I see examples of GDPR implemented?
A: Over the past month, Andexler.com has been busy working on a GDPR WordPress solution. We have fully implemented GDPR on our website for clients to see the different user options and privacy tools available. User consent can be seen in the pop-up footer along with privacy settings (cookie settings) and a complete “Privacy Center” including user tools to opt-out of data collection, request data collected, request to be forgotten and view current privacy settings.
Please visit Andexler.com (https://t9m.ec3.myftpupload.com) for complete demonstration. Additional features can be found in the footer links.
Q: Where can I find more information on GDPR?
A: Please visit the 2018 EU Website Portal for additional information and detailed requirements.
If you need assistance or help with your website GDPR compliance, please feel free to contact us for complete pricing as each website assessment, installation and requirements are project unique. We have developed a complete WordPress solution including installation, ‘Privacy Policy’, ‘Terms of Service’ creation, setup and customization.
Please Note: The included information provided by Andexler.com LLC is stated as recommendation and NOT legal advice. The services provided by Andexler.com LLC does not guarantee 100% full GDPR compliance. It is recommended to consult legal advice for any additional website GDPR requirements, legal and privacy policies and/or terms of services.
MAY
2018