GDPR isn’t something that happened overnight. The law has been in the works since 2011: the European Commission formally proposed it in January 2012, and the EU adopted it in April 2016. The onslaught of revised privacy policies marked the day it finally went into effect: May 25, 2018. Now that this date has come and gone, any organization that processes the personal data of people in the EU and hasn’t updated its practices is out of compliance.
What does GDPR entail?
There are numerous stipulations in GDPR, but at a high level it’s all about protecting personal data. GDPR is both an evolution and a replacement of the 1995 Data Protection Directive (95/46/EC), a set of early-internet-era rules on how personal data should be handled. As the internet has evolved these past 20 years, so has the need for stronger data oversight. Because GDPR is a regulation rather than a directive, it also applies directly in every EU member state instead of depending on each country’s own implementing law.
In a nutshell, GDPR strengthens individuals’ rights over their personal data. Individuals can request a copy of the personal data a company holds about them, ask that it be corrected or deleted, and restrict or object to how it’s used and shared. Every organization that collects or processes personal data about people in the EU is subject to the law, from eCommerce sites to social media platforms to marketing agencies and beyond.
From the European Union to the world
GDPR is the culmination of efforts by regulators across the European Union (EU). And while the law directly governs organizations established in the EU, its ramifications ripple worldwide.
Because we live in the age of globalization, any company in the world can do business with anyone anywhere else in the world. GDPR accounts for this: the rights it gives people in the EU over their data also bind companies located in the U.S. and elsewhere that offer those people goods or services or monitor their behavior. As a result, global companies like Facebook, Apple, and Google have had to become GDPR compliant despite being headquartered in the U.S.
If your website serves visitors from the EU, which it almost certainly does in some capacity, it needs to be GDPR compliant. Strictly speaking, the test is whether you offer goods or services to people in the EU or monitor their behavior (tracking their visits with analytics or advertising cookies counts), not merely whether an EU visitor happens to land on a page, but for most commercial sites the answer is yes. What’s less simple is getting your data collection and handling processes to comply.
The GDPR compliance checklist
If you’ve lagged behind the GDPR compliance deadline, it’s paramount to get your act together as quickly as possible. The penalties for non-compliance can be steep: administrative fines of up to 20 million euros or 4% of worldwide annual turnover, whichever is higher. Here’s a quick checklist for understanding and implementing GDPR guidelines:
- Assess what types of data you collect and store about your site’s visitors.
  - Do you obtain it fairly and on a lawful basis? Consent is one such basis, but not the only one, and if you rely on it the consent must be freely given, specific, and as easy to withdraw as it was to give.
  - How long are you holding it?
- Look at your process for handling customer data once you’ve obtained it.
  - Are you storing that data securely, for example encrypted at rest and accessible only to the staff and systems that need it?
  - Do you have a process in place to audit your data protections?
  - Do you need to appoint a Data Protection Officer? One is required for public authorities and for organizations whose core activities involve large-scale, systematic monitoring of individuals or large-scale processing of special categories of data.
  - Do you have a way to provide customers with a copy of their data when they request it? GDPR expects you to respond within one month.
- Inform customers of your data practices in a transparent way.
  - Is there a defined policy on data retention and disposal?
  - Are your data collection procedures documented?
  - How is data protected when shared with third-party partners? Any processor you share it with must be bound by a written contract covering how it handles the data.
  - Do you have a process for notifying your supervisory authority of a data breach within 72 hours of becoming aware of it, and for informing affected customers without undue delay where the breach poses a high risk to them?
GDPR may seem like a huge headache if you haven’t started the compliance process, but ultimately it shouldn’t be too hard to comply if you’ve been honest and upfront about your data collection habits. Consider GDPR a necessary step in keeping your customers’ data safe and your reputation intact.