What is GDPR and does it matter to me?

GDPR Explained

Last year regulations went into effect in Europe. They were put in place to help protect its citizen’s personal information while online. They are called GDPR, and they have a huge impact worldwide. How can European regulations have so much power? The internet is a worldwide entity, and because of that, every website has to take a look at its market and policies.

The basics of GDPR are based on users of a website have certain rights to the data that they are providing. This is especially the case for personally identifiable information. There are not currently any regulations like this in the United States.

Websites like Facebook store a great deal of personal information, yet there are no legal protections of that data. These companies don’t have to inform users of what happens to that information.  They can give other websites access to it and store it for as long as they want. There is also no requirement for them to completely delete the information even if you delete your account. That all changed with GDPR.

Does it Matter in the U.S.?

The short answer yes. It matters. How much it will impact your business depends on a few factors. Big companies that take in a lot of consumer data and market worldwide have to comply with GDPR.

However, if you have a small business website in the U.S. you may not have to comply, but you probably should. GDPR was designed to make things better for individuals so they know what data is being stored. It also gives them some control over how their personal information is used. If you are a company that does business in European markets, then you have to comply, no matter where your business is based.

If you don’t market to European markets and don’t plan on doing business there, it isn’t imperative that you become compliant just yet.  There would be no legal penalty, however, for most companies being compliant doesn’t require much adaptation. It also means you’ll be much better prepared if the U.S. enacts its own privacy law.

There are some non-legal penalties that may have an effect on your company. Google may eventually penalize websites that aren’t compliant by ranking them lower in search results. There may also be a consumer penalty. Studies show that websites tend to gain trust and customers if they have a privacy policy. Consumers are becoming increasingly aware of privacy. Being compliant and having transparency with your user data may have a huge impact on your sales or site traffic.

Is the U.S. Making a Law?

Last year major companies like Apple and Google started pressuring lawmakers to start working on privacy laws similar to GDPR. Several citizens groups have been pushing for legal protections and many states have started enacting some digital privacy laws. It is inevitable that a similar law will be made in the United States. The public is more aware of data breaches and people are becoming increasingly aware of how much personal information is actually being stored about them. 

What Should I Do?

The first thing is to know if you have an established market already in Europe. If not, then you have time. Otherwise you are already in violation if you haven’t made your site compliant and you should become compliant soon. If you don’t have business in Europe, there are a few things you should consider doing to become more compliant and ready for U.S. privacy laws. Dot Marketing will be able to help with understanding these laws and getting you on the right track so you avoid violations. 

  • Modify your privacy policy to include the following information with links to the privacy policy of the third party companies (If they don’t have one, they are not compliant, and you may want to consider using an alternative.):
    • Information on forms, login information, credit card data, email addresses, etc. 
    • Any third party code, plugins, or services that you may use. These may include email marketing services, analytics code, or form plugins.
  • Create or assign an email address where customers can request information about their data and then assign someone the task of handling those requests.  
  • As part of GDPR, users can request a copy of their data and can request its removal or correction.  Be prepared to have a way of providing this information within 30 days. You can charge a small fee for this service if you feel it is necessary.

Research should be done by whomever is assigned to handle GDPR requests to see if there is some other aspect of your business that needs to be looked at for compliance. Other than that, if you have done all these things, you should be compliant or pretty close.  When the U.S. makes its own law you’ll be that much more prepared for it.

Prepare by contacting Dot Marketing today, we will make sure you have all your bases covered.