What does this mean for you? Well, if you are a U.S.-based company doing business and marketing in the U.S. only, it means nothing. Other than the fact that these new regulations are fast being considered good business practice, you don’t need to worry about anything.
If you are a U.S.-based company that does business in the EU or collects data from residents of the EU, you are subject to these regulations. Any third-party services you use to collect and store data are also subject to these regulations.
This sounds like a lot, doesn’t it?
As PayPal’s blog on getting GDPR ready so nicely puts it — don’t panic.
In a nutshell, the GDPR is simply looking to protect the personal data of EU citizens. The Ninja Forms blog on GDPR Compliance and WordPress Forms summed up what this means in a nice, short, 4-point list:
- Request the explicit consent of every user before any data collection takes place. Requests must be in clear, plain, easily understandable language free of legalese. It also must stand alone from other matters or requests and not be buried in other text.
- Have a means for users to request access and view the data you have collected on them.
- Provide users with a way to withdraw consent and purge personal data collected on them; i.e. the “Right to Be Forgotten”.
What does this mean in terms of your site?
For most of our clients, this just means some due diligence on your end. As an organization, you need to sort out who you collect data from, what type of data you collect, what you do with it, and why. Then you should consider the following:
A clear opt-in message if you are using cookies to track users. Users must be given an active choice of whether or not they want to be tracked. See the image below for an example.
Google Analytics. It is currently not legal to store personal data in Google Analytics (and we’re pretty sure none of you do that anyway). However, under the GDPR, IP addresses are now considered personally identifiable information and may need to be scrambled should someone choose to opt out of being tracked.
The ICO put together a nice, clear list of Eight Practical Steps for Micro-Business Owners. It is geared specifically towards small businesses in the UK, but it breaks down what you need to know and/or do into digestible chunks.
What this comes down to is, again, don’t panic.
Below is a list of resources — information on the GDPR that we have found helpful, and a list of what some of the third-party companies our clients may use are doing to ensure their compliance with these new regulations.
- ICO’s Online Guide to the GDPR
- ICO’s Eight Practical Steps for Micro Business Owners
- Navigating the EU GDPR
- PayPal’s blog on getting GDPR ready
- What Small Business Owners Should Know About GDPR and Why
- Google Analytics
- WordPress and WordPress Plugins
- Gravity Forms
- Contact Form 7
- GDPRiS (GDPR in Schools)
- Achieve Technology – no info readily available. Contact your representative for information.
Please remember that we are not lawyers, nor do we claim to be experts in everything GDPR. We highly suggest you consult your lawyer on the specific terms of GDPR and how they may affect your particular situation.
Make Your Site GDPR-Friendly
We can help get your site up-to-date