By now, I’m sure that you have received numerous emails from the various websites to which you have subscribed discussing GDPR and its impact on your relationship. Besides invading our mailboxes, what is the purpose of GDPR?
The EU General Data Protection Regulation (GDPR) is the new European regulation concerning online data protection and user rights. It is intended to increase data protection and prevent a repeat of Facebook’s Cambridge Analytica scandal. The regulation came into effect on 25 May 2018. It offers a higher level of disclosure into how companies, websites, businesses, and persons use and protect your personal information.
What is GDPR?
GDPR stands for The General Data Protection Regulation. It is a European Union law intended to offer more data protection. It gives European citizens greater control over their personal data while implementing a better data privacy approach that applies to organizations across the world.
According to its text, GDPR is “designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.”
Companies that do not respect these changes and do not put them into practice will face hefty penalties. Since 25 May 2018, companies face fines of up to 4% of their annual global revenue or 20 million euro, whichever is greater.
Initially, companies receive a written warning, followed by regular data protection audits and, in some cases, a suspension of data processing. The financial fines are applied if companies continue to violate the law. This is the driving factor behind the invasion of emails notifying you about GDPR and its changes.
GDPR applies to all businesses and companies regardless of their size and location, whether or not they are based in the European Union.
The main objective of this European regulation is to offer greater protection to the average internet user and to prevent their data from being handled recklessly or exposed in data breaches. This pushes all companies, including large and influential ones such as Google and Facebook, to put greater focus on the protection of people’s rights.
Preparing your company for GDPR
While you may feel overwhelmed by the emergence of GDPR and its many requirements for your business, once you understand its purpose you will realize its necessity in the modern technological context. GDPR was established to protect users’ personally identifiable information (PII) and to set a higher standard for businesses in terms of data collection, storage, and use.
In this context, personally identifiable data includes names, emails, physical addresses, IP addresses, health information, income and so on. It must be collected in accordance with the rules.
Below, you will find the most important aspects that you need to know about GDPR:
- Consent should be explicit. This means that you cannot send unsolicited emails to people, even if you obtained their information through a completed contact form on your website or otherwise, unless they have explicitly opted in to receiving your marketing newsletters. Explicit consent requires a positive opt-in, in clear language and separated from the terms and conditions.
- Data rights. There should be clear information on where, why and how people’s data will be stored and processed. Individuals can download their personal data and have the right to request its deletion.
- Notifications about data breaches must be issued. Reports must be made to the relevant authorities within 72 hours of a data breach. If a breach is considered high-risk, the affected individuals must also be notified.
- Data protection officers. Public companies and companies that process large amounts of personal information must appoint a data protection officer. If you are a small business, you don’t have to.
Important steps to take
Depending on which platforms you are using, you will find some useful tips below that will help you put GDPR into practice. There is no need to panic. Most platforms have already introduced the steps you need to follow in order to be GDPR compliant, along with ways to implement these changes correctly.
1. If you are using a WordPress website
The platform is now GDPR compliant following the addition of several privacy enhancements. You will see the following tool:
In order to make things easier, below you will find a list of recommended plugins that will help you with GDPR compliance:
MonsterInsights – this is the add-on that Google Analytics provides for compliance with EU legislation.
WPForms – a user-friendly contact form plugin for WordPress that offers important features adapted for GDPR compliance.
Cookies Notice – very useful for adding an EU cookie notice. It integrates well with top plugins such as MonsterInsights.
OptinMonster – an advanced lead generation tool that offers clever targeting features to boost conversions while remaining GDPR compliant.
2. If you are using Google Analytics
GDPR is here. There is no need to panic if you are feeling unprepared. Inform yourself about the aspects you need to cover and begin implementing the necessary changes as soon as possible.
The role of GDPR is to protect online users and to restore people’s trust in online businesses. It is also in place to prevent data breaches like those at Yahoo or Facebook from happening again. Correctly implementing these changes will help to boost consumer confidence and eventually lead to the growth of your business.
Don’t forget to properly inform yourself using the following online resources: