As our friends/overlords at Facebook would be quick to inform us, digital privacy is one of the biggest issues we face today. After spending decades mindlessly checking boxes that shared personal information with all manner of organizations, consumers are starting to realize that giving someone eternal access to their personal information in exchange for insight into what dessert they are was perhaps not an entirely fair exchange. Well, now the hammer is coming down on businesses and data. Set your eyes on May 25 of this year, when the General Data Protection Regulation (GDPR), created by the European Commission, is set to take effect.
Although GDPR covers a wide range of regulations and can seem complicated, it’s really all about maintaining user control of personally identifiable information (PII). Here are three major aspects of GDPR that you, and your North American business, need to keep in mind as you work towards GDPR compliance…and a few resources to help you on your way.
(Extremely Obvious Disclaimer: Not only am I not your lawyer, I’m not a lawyer at all. This blog post isn’t intended to serve as legal advice. Also, as a rule, don’t take legal advice from web strategy blog posts at any time.)
1) All European Union Citizens Own Their Data
GDPR is very clear that EU citizens own their personal information. As “owners”, users must opt in to allow each specific use of their personal data. This is a departure from the opt-out options you commonly see today. Furthermore, it’s up to the company to clearly inform users of exactly what their personal information will be used for. Take special note of the word “clearly” in the previous sentence. Companies need to use clear, everyday language when obtaining user consent. Fine print and legalese aren’t going to cut it! Finally, EU citizens must be able to revoke access to their information just as easily as they granted it.
2) EU Citizens Have the Right to be Forgotten
4) And Now Some Resources
“But my business isn’t in the EU!” you exclaim whilst hoarding PII from 15 years ago. I hate to be the one to break it to you, but any business that collects information from EU citizens must be GDPR compliant. And, for those of you plugging your ears and ignoring me, ignorance of the law is not a viable defense. Plus, chances are good that similar rules will start popping up on this side of the pond sooner rather than later…and wouldn’t it be nice to be ahead of the curve? If you’re ready to get GDPR compliant but aren’t sure where to start, here are some resources to help you along the way:
- GDPR: Act Now Before It’s Too Late: This article provides an excellent overview of GDPR and includes a useful checklist for any business owner trying to determine whether they are GDPR compliant.
- WP GDPR Compliance, Cookie Notice by dFactory, GDPR: This trio of WordPress plugins does an admirable job of covering all the major GDPR bases to get your website GDPR compliant.
- iubenda GDPR guide: iubenda provides an exhaustive explanation of the nuances of GDPR compliance and can also assist you in generating new privacy policies for your own website.