If you are a business owner or are in charge of a website that collects users data in Europe, you might be lost in the Abyss of GDPR. It is easy to become overwhelmed with all of the new regulation and could be very difficult figuring out what all needs to be done in order to be GDPR compliant. If this is the case, do not worry, we have you covered!
GDPR holds companies accountable for how they handle individual’s data. Going into effect in May of 2018, this revolutionary legislation will provide a uniform rule set for all of Europe, replacing the ‘Data Protection Directive’ of 1995. Under this legislation, user’s sensitive personal data as well non-sensitive personal data is protected. This includes genetic data, religious and political affiliation, sexual orientation, or any other information that could give away an individual’s identity. Anything that can creates the “destruction, loss, alteration, unauthorized disclosure, or access to” an individual’s data must be addressed to the states data protection regulator. If there are any chances of a breach that has caused a destructive impact (financial loss, confidential breaches, impact on reputation), the ICO must be informed of the breach within 72 hours. If the data being collected is deemed destructive or unauthorized, the company involved will be issued a fine. GDPR imposes a sanction of up to €10 million, or 2% of a company’s global turnover, or for larger companies €20 million and 4% can be fined. This is an astronomical markup from the €500,00 that used to be imposed.
In order to protect your company from financial loss or lawsuit, there are a few measures that can be employed to ensure GDPR compliance:
- Utilize Online Contract Forms to let users know what their data is being used for. For example, when asking for e-mail, phone number, or address from clients specify “this is how we will contact you” to show transparent intent with data collection. Make sure to disclose to users what their information is being used for, including an opt-in box stating that they consent to being contacted
- Add an Opt-in Tick Box, ensuring that customers are giving you consent to see and use their data. It is a good idea to employ this mechanism on a users first time visiting your website, allowing an initial decline or consent for cookie usage. Your website should be available even if users do not consent to cookie usage, however it should not include an option to personalize the page.
- Only collect information that is imperative for data processing! Make sure to not keep data for longer than what is ABSOLUTELY required!
- Be sure to clean up your E-mail Marketing! GDPR protects its users from spam or junk mail. E-mail recipients should have to opt-in to receiving future email newsletters, updates, and promotions. If opting in goes ignored, users should be removed/unsubscribed from the mailing list until further notice.
GDPR has been referred to by some as the ‘doomsday’ of online marketing. Advertisers have seen several large firms fall victim to specific breaches, creating a compliance concern. If you are sure to transparently cover all cookie usage by employing these steps, you and your organization will be fully GDPR compliant! If you are still unsure about the steps to become compliant, or are worried about your users privacy protection implementation, do not worry! We are delighted and ready to help you!