Have you heard of GDPR or “General Data Protection Regulation”? This is a European Union regulation that affects all websites that collect and store personal data of users from the EU. The regulation goes into effect on May 25th 2018. It was drafted to help citizens of EU countries control and protect their personal data. This data includes but is not limited to:
- IP Address
As a website owner you must update your website's privacy policy to include statements about how you plan to use the data provided to you by users. You must also update this policy to inform users how they may retrieve any data that is being stored or erase this data from your system. This data has to be provided to them in a portable format.
If your website has forms, the GDPR stipulates that you must let the user offer their consent to collect this data. This means that all forms on your site must have a check box that allows the user to agree that you can collect the data in the form.
You must protect the data transmitted to your site and stored on your site. This means that you must update the security on your website. If you have not employed the use of HTTPS or SSL connections to your site, now is the time to get that set up. Now is also a good time to make sure you are keeping your website (especially if you use WordPress or Drupal) up to date.
If your website does not comply with the GDPR you can be sanctioned up to 4 percent of the annual worldwide turnover or fined up to €20 million (the higher of the two), per infringement. This could be a huge burden.
If you care to see the full GDPR regulation you may view it at https://gdpr-info.eu/
How To Be GDPR Compliant
Consult a Lawyer – We aren’t lawyers, so it is in your best interest to seek legal counsel. We have put this article together to help you get started and jump start your understanding of how this regulation affects you and your website.
Decide how to comply with requests for data – You need to decide and come up with an action plan now for how you will respond to requests for data. If you get a request to provide the data you collect or remove the data you collect for a user, what are the steps you need to take? You also need to have a person in your organization be responsible for complying with these requests. Future versions of WordPress will help you comply with these data requests but some plugins may not offer this feature.
Modify your web forms – If your website has forms you need to update those forms to notify your users that you are collecting data.
Help With GDPR
If you need help with getting your website into GDPR compliance we would be happy to assist you. Drop us a line!