Keeping the information you collect and store on your website secure should always be a top priority. You want to make sure your website is safe for both you and your users. With the increase of data breaches, it is important that you know what, where and how you are storing information on your website. This is especially important due to the GDPR privacy law.
What is GDPR
General Data Protection Regulation (GDPR) is a privacy law that was approved on April 14, 2016, by the European Commission. Enacted to help protect the rights and personal data of EU citizens, this new law will go into effect on May 25th, 2018. This will replace 95/46/EC Directive on Data Protection and Cookie Law previously used in the EU and expand their scope and reach.
Who GDPR Impacts
The short answer is every website.
All organizations that registered or have subsidiary EU territory, and/or process personal data of EU residents are subject to GDPR regulations. This means without being able to verify EU citizenship/residents of web traffic from an EU territory, personal data processed should be treated as subject to GDPR. So, if you deal with any traffic from an EU territory your website should try and meet GDPR compliance.
Why GDPR Compliance is Important
Not meeting GPDR compliance can result in fines of up to 4% of the annual worldwide turnover or €20 million, per infringement. Additional fines may also apply for the mishandling of personal data or the failure of notifying authority and data subject. Aside from the fines, having the knowledge and processes in place to protect the data collected on your website is a good practice.
Steps for GDPR Compliance
2. Review the data you are collecting
Making sure you have a full understanding of the data your site is collecting is very important. Assigning a data protection officer (DPO) to help monitor and manage your website’s data can make sure it meets compliance requirements. Additionally, making sure you are requesting consent when collecting personal data through a form or eCommerce checkout can promote transparency with your website’s users/visitors.
3. Review your third-party services
Most websites employ third-party services to help manage everything from analytics and tracking to marketing and user engagement. These third-party services usually end up collecting personal data from your website’s users/visitors and in turn have to meet GDPR compliance themselves. As a customer of these services, making sure you understand what changes they have made to meet GDPR compliance is important, as it can affect the data they hold on your website’s behalf.
This has only been a brief mention of some of the key points covered in the new GDPR privacy law. You should also review many of the resources listed below and research this topic in greater depth to learn how it may affect your website and business directly. Hopefully, this article has gotten you to think about how you are processing and managing your website’s data to help make the internet a safer place.