A Caveat
This quick blog post is not comprehensive and is not written from a stance of expertise. It is meant bring your attention to an issue that might affect your business and online life, and to offer you potential first step towards getting better information and possibly expert help.
What is GDPR
The General Data Protection Regulation is a set of rules established by the European Union to better protect the privacy and data rights of EU citizens. It was ratified in 2016, it's in full effect on May 25th, 2018, and while it an EU regulation in can affect you and your business
What does GDPR do?
In a nutshell, it requires companies to be very transparent about the collection of personal data and the use of that data, and to make it very easy for EU citizens to refuse data collection and to have their data deleted. Noncompliance can mean big fines.
Am I affected?
Determining this is very complex and is an article unto itself. Here are some quick guidelines: If you're selling products or services to countries in the EU, you probably need to get compliant. If you're doing this online then absolutely you need to be compliant. If you're buying products and services from EU countries you might have to get GDPR compliant. If you do online marketing and collect email addresses and other personal data, and you have EU citizens on your mailing lists and in your database, you need get compliant. If you have EU citizens hitting your website and you're tracking visitors by setting a cookie, then you need to get compliant. If you're part of a multinational then chances are GDPR has already been addressed and you don't have to do anything. If your firm regularly sells in Europe then chances are someone has at least heard of GDPR in your organization. If you occasionally sell to the EU you should look into this. If you do any internet or email marketing then you should read on and update your privacy policy and a few other things to get compliant. If you aren't internet marketing then you have a whole different problem to address, which is basically why you aren't taking advantage one of the best ways ever to grow your business???
Getting Compliant with GDPR
Getting compliant can range from spending millions and hiring a Data Protection Officer to spending just about nothing and getting an updated Privacy Policy on your website. Below are some resources I collected that go into a lot more detail about this topic. As stated earlier, this article isn't meant to be comprehensive and full of expertise. It's a “heads up.” The resources below were chosen because they're easy to read and understand, get to the salient points quickly, and are immediately actionable.
- A general idea of how GDPR affects American Companies: https://www.hanzo.co/blog/what-us-companies-need-to-know-about-the-gdpr
- A summary of GDPR: https://www.dataiq.co.uk/blog/summary-eu-general-data-protection-regulation
- A compliance plan outline - useful information: https://termsfeed.com/blog/gdpr-compliance-plan/
- A GDPR compliant privacy policy is something that a lot of you might need - it isn't a bad idea in general if you've got a website: https://termsfeed.com/blog/gdpr-privacy-policy/#Examples_of_GDPR-Compliant_Privacy_Policies