General Data Protection Regulation (GDPR) Update & What You Should Know


I’m sure you’ve seen emails come in from various companies with updates to their privacy policy over the last few weeks. If not, you might be on a remote island with no Internet connection. 😉 These emails all have to do with the upcoming changes in the EU.

We are quickly approaching the European Union’s deadline of May 25th, 2018 for the new data protection law. Even though the law is an EU regulation, its impact is global: it applies to any business that processes the personal data of people in the EU, regardless of where that business is located.

The info below is meant to help with this transition. But it’s important to know that I’m not an attorney, so please check with your attorney or legal team to make sure that your business is in compliance with this new law.

GDPR (General Data Protection Regulation) — What is it & what does it mean for you?

Well, this has been a long time coming, and we’ll most likely see something similar in the United States soon. With all the security breaches over the last few years, the EU decided to tighten up the rules for companies that collect personal data. In the end this gives more control to the end user. Finally! 🙂

First of all, the changes will affect your business if you collect any personal data from people in the EU, whether through tools like Google Analytics (if you’re tracking who visits your website) or MailChimp (if you have an email signup form). The EU has a great infographic that explains this.

What does it mean to be GDPR compliant?

In short, GDPR’s purpose is to give people more power to protect their personal data. It requires businesses that collect that data (names, postal addresses, email addresses, phone numbers, IP addresses, and so on) to be transparent about when and how it is used.

Here is what you need to do:

  1. Tell people who you are when you collect any data from them,
  2. Get clear consent before you process their data,
  3. Allow people to access the data you hold about them,
  4. Inform people of data breaches that affect them (and notify the supervisory authority within 72 hours),
  5. Give people the right to be forgotten (have their data deleted),
  6. Give people the option to opt out of direct marketing that uses their data,
  7. If you use automated “profiling” to process applications, a number of new rules apply,
  8. Use extra safeguards for sensitive info such as health, race and more.

What should I do now?

Well, that part depends on your situation. You may need to bring it to your legal team if you operate internationally or have a lot of moving parts. You should probably review this helpful infographic/website to get familiar with how it might affect your business.

If you use WordPress, there is a team of core developers working together to help plugin developers get up to code quickly. You can read more about that effort at https://www.gdprwp.com/. Next, you’ll need to evaluate how you collect data, how you make it available to people on demand, and update your privacy policy and Terms of Use.

What we’re doing

We’re updating our privacy policy to be in line with the changes and making sure that our newsletter signups are compliant. Right now we’re collecting emails when people download our resource guides, and that can be deceptive since we don’t explicitly tell them we’ll be emailing them our newsletter. We also have a call scheduled with our attorney, Jon Tobin of Counsel for Creatives, to talk more about this and make sure we’re covered. We’re also going into Google Analytics and setting the date range for the data retention option so it’s in compliance.

If you’d like to hire us to audit your site to make sure it’s in compliance, or to implement the changes I’ve suggested above, please reach out today!