What is the GDPR?
The GDPR, passed in 2016, is a set of rules enabled by the EU that aim to give European internet users more control over the information they submit online and how it is used. The core pieces of these rules include:
- Notification: There will be a 72-hour window in which companies must notify regulators of a data breach that is likely to “result in a risk for the rights and freedoms of individuals.”
- Access: Individuals can ask for confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. They can also request a copy of the personal data in an electronic format at no cost.
- The right to be forgotten: Individuals can ask for any PII (Personally Identifiable Information) about them to be erased and for third parties that have access to that data to stop using it. In other words, consent to collect and use data can be revoked.
- Portability: If an individual receives their data from one entity, they can pass it to another.
- Privacy by design: There is now a legal obligation to build systems with privacy as a core design element.
- Data protection officers: Entities that collect, store and use PII will need to appoint Data Protection Officers – these can be internal or external personnel – who will manage the processes associated with compliance with the GDPR.
(source: LifeHacker: What Is The GDPR And Why Should You Care?)
How does the GDPR affect US companies?
The GDPR applies to any company that stores the personal data of EU citizens, regardless of where in the world the company is located. Since the internet is a global technology, this basically means that most websites in the world that store the personal information of their users have to comply with these regulations. Failure to comply with the GDPR will start with a warning for the first violation, but repeated violations can result in periodic data protection audits and heavy fines.
What does this have to do with privacy policies?
The GDPR’s idea of consent is a lot stricter than previous regulations, which means companies will need to ask for permission to collect your data more often. You will be seeing “I accept the terms and conditions” popups very frequently from now on. A privacy policy should therefore state:
- What personal information is collected
- How it is stored
- Whether personal information is shared with third parties (for example, MailChimp or Google Analytics)
- Any third-party advertisers on your site and links to their websites
Helpful GDPR Links & Further Reading
What Does GDPR Mean For Business
UK Information Commissioner’s Office – Guide to the GDPR
The Ultimate Guide to WordPress and GDPR Compliance – Everything You Need to Know
There are several plugins that aim to help WordPress users with GDPR Compliance:
- WP GDPR by Appsaloon
- WP GDPR Compliance by Van Ons
- The GDPR Framework by Codelight
If you have questions about the GDPR or privacy policies, contact us and we would be happy to go over it with you.