What is GDPR? General Data Protection Regulation (GDPR) is an European Union law that applies to any company that collects data of any form from its users. United States businesses targeting EU residents must also abide by these new requirements. You've likely seen GDPR requirements and privacy notices in the news a lot lately (alongside apps, inboxes and website pop-ups). So what is all the commotion about and how does it impact your website, if at all?
What is GDPR?
What is GDPR? General Data Protection Regulation symbolizes a major shift in data privacy regulations in the EU. The main goal of the GDPR is to reform data privacy laws in how companies can access, retain and re-purpose user information. GDPR has had an enormous impact on the entire world; everyone from lawyers and entrepreneurs to web developers and small business owners are affected by GDPR compliance.
Who Does GDPR Apply To?
As of May 2018, GDPR applies to any organization that collects user data from EU citizens. While many United States companies have been implementing GDPR compliance on websites in non-EU locations, this is mostly voluntary. If your website offers products, services or marketing targeted at EU-users, your website must be following GDPR compliance. According to Forbes,
"If an organization offers goods or services to, or monitors the behavior of EU residents, it must meet GDPR compliance requirements."
Companies Already Facing GDPR Complaints
Less than a month after GDPR requirements went into effect, several websites have run into issues. According to the BBC, both Google and Facebook are facing accusations of breaking GDPR. It also reports on many other tech companies that have become uncompliant. The most immediate action some companies have had to take is to disable their site for visitors located in the EU. Lee Enterprises, a publisher with 46 daily newspapers in the US, provided this statement:
”We're sorry. This site is temporarily unavailable. We recognise you are attempting to access this website from a country belonging to the European Economic Area (EEA) including the EU which enforces the General Data Protection Regulation (GDPR) and therefore cannot grant you access at this time."
2018 is a landmark year for data privacy protection reform. Many companies located outside of the EU are at risk of noncompliance which threatens user privacy and the threat of severe fines. According to the European Commission,
"Stronger rules on data protection mean people have more control over their personal data and businesses benefit from a level playing field."
What is GDPR Compliance
What is GDPR compliance? Following GDPR regulations requires that you understand how users engage with your business technology, such as website hosting, traffic analytics and lead generation tools. With fines as high as €20 million or 4% of a company’s total global revenue, it's very important to be aware if you're impacted by these GDPR requirements.
How GDPR Requirements Affect Websites
Most modern websites are configured to collect data in a variety of areas. Your website may need to follow GDPR requirements even if you're just monitoring an EU user's behavior on your homepage. A few of the more common data gather points that are impacted by GDPR regulations include:
- Contact Forms
- Email Marketing
- Data Collection Policy
- Data Storage and Usage
Do You Need to Be GDPR-Compliant?
You are affected by the law if you:
- You monitor user behavior for EU users;
- You store data previously collected on EU users;
- Offers goods or services to EU users;
How to Become GDPR-Compliant
- Ask for Consent from Your Customers
This is commonly achieved via a cookie and privacy disclaimer followed by an opt-in consent form on a website landing page.
- Gain a Firm Understanding of User Rights
To be GDPR-compliant, the law requires that you have a clear understanding of the data privacy regulations, terminology and enforcement.
- Implement a Data Map for Minimization
The regulation’s minimization strategy entails collecting only the bare minimum of data needed to perform services before destroying the data after the task has been completed. This includes the entire data collection process: collection, storage, usage, transfer, processing and disposal.
Case Study: Charter Jet One
Make Your Site GDPR Compliant with Blennd
At Blennd, we do more than just stay current on the latest digital marketing, design and SEO trends. Our Denver web design team can help your business implement privacy notices and other elements of a GDPR-compliant website. We hope we've helped answer your question, "What is GDPR compliance?" and that you have a better understanding of General Data Protection Regulation. Contact us today to start your website project.
- European Commission: Rules for Business and Organisations and Rights for Citizens
- Columbia Journalism Review: How GDPR Impacts Publishers
- edu: How the EU's GDPR Empowers Digital Civic Engagement
- Vox: Data Rights Are Civic Rights - GDPR in the US
GDPR Fact Sheet
- Eurpean Commision: New Era for Data Protection in the EU (PDF File)