The new GDPR law goes into effect on the 25th of May 2018. Are you compliant?
GDPR stands for General Data Protection Regulation. In the UK it replaces the regime set out in the Data Protection Act 1998.
The Data Protection Act 1998 (c 29) is a United Kingdom Act of Parliament designed to protect personal data stored on computers or in an organised paper filing system. It implemented the 1995 EU Data Protection Directive on the protection, processing and movement of personal data. Individuals have legal rights to control information about themselves. Most of the Act does not apply to domestic use, for example keeping a personal address book. Anyone holding personal data for other purposes is legally obliged to comply with the Act, subject to some exemptions. The Act defines eight data protection principles to ensure that information is processed lawfully.
It’s a large piece of legislation that’s tightening up the rules and regulations about how, when, and why someone can gather and use personal data.
“What’s personal data?” I hear you ask! Another good question – you’re on the ball today. The Information Commissioner’s Office (ICO) defines it as “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”. Quite a mouthful. But basically, it means any information that identifies someone on its own, or that could identify someone when combined with other information you (or someone else) hold. So names, email addresses, phone numbers, postal addresses and credit card data all count, and so do IP addresses, cookie identifiers and account IDs, because they can be tied back to a person indirectly.
I cannot stress the importance of this enough. You need to protect yourself against being fined. This is serious stuff: the maximum fine for non-compliance with the GDPR is 4% of your annual worldwide turnover or €20,000,000, whichever is higher.
In case you are wondering, that is 20 million euros, and it is the cap for the most serious infringements rather than a minimum. Fines are scaled to the seriousness of the breach, but the ceiling is high enough that no business should ignore it.
Who does this Apply to?
For comparison, any person or entity conducting business online or offline in the US is bound by the regulations of the FTC, which polices unfair or deceptive practices, including broken promises made in privacy policies.
That means, at a minimum, your privacy and data-handling policies need to be publicly available on your website for an online business, and clearly distributed in print for an offline business.
The GDPR, on the other hand, is EU law and is concerned with the personal data of people in the EU.
It applies to any organisation established in the EU, and also to organisations outside the EU that offer goods or services to people in the EU or monitor their behaviour (for example by tracking visitors with analytics or advertising cookies). Simply being reachable from the EU is not enough on its own, but if you sell to EU customers, take sign-ups from them, or track them, these regulations apply to you. So you must be compliant or risk being fined.
Here are a few tips to make your website more compliant.
Start by working out what personal data you are currently collecting from your visitors and users. Each of the following is a point where personal data enters your site, and for each one you should know what you collect, why you collect it, where it is stored and how long you keep it:
1. Can visitors or users contact you via a contact form?
2. Can visitors or users leave comments on your site?
3. Is there a Store or an Order Form on your site?
4. Do you have a Message Board or use a Forum on your site?
5. Can site visitors chat directly via your site?
Disclaimer: The creators of this post do not have a legal background, so please contact a law firm for any legal advice.