What’s All the Hype with GDPR?

There has been a lot of buzz around another acronym, GDPR, otherwise known as the General Data Protection Regulation. (Why is it that people love to create acronyms in order to make something appear really complicated?) If your business is based in the European Union (EU), or you process the personal data of people located in the EU, the GDPR affects you.

Simply stated, GDPR is a new regulation to protect the information and personal data of individuals within the European Union (EU). Because this new regulation takes effect on May 25th, 2018, you may be receiving a lot of emails from sites you have given your email address to, informing you of their updated Privacy and Cookie policies. You may have even received an email from Google regarding your Google Analytics account that looks like this:

[Screenshot: Google's email about Google Analytics data retention settings, captured 2018-05-24]

If you have Google Analytics, all you need to do here is review your settings and select how long Google will hold on to the data you have collected.

You can choose how long Analytics retains data before automatically deleting it:

  • 14 months
  • 26 months
  • 38 months
  • 50 months
  • Do not automatically expire

When data reaches the end of the retention period, it is deleted automatically on a monthly basis.

What is changing with GDPR?

There are several things that are being updated with GDPR, but one of the most important is that businesses must be more transparent about how they are using your personal information.

  1. Your customer must have easy access to their personal data. Basically, you must be ready to make their personal information readily available and easy to access.
  2. Your customer has the right to switch service providers with ease. If your business has to share data across organizations, or your customers have the option to switch between services, you must ensure that they can do that smoothly and securely.
  3. Your customers must give clear consent to the processing of their personal data. Basically, you need to aim for explicit consent from your customers.
  4. Your customer has the right to object to the use of their data for the purposes of ‘profiling.’ This requires increased transparency.

So... what does all this really mean, and do I have to do anything?

I know this is a major question on pretty much everyone’s mind right now. The reality is that if you collect any website user information, such as newsletter signups, contact form submissions, free download requests or appointment requests, you should consult with your lawyer to make sure you have the proper policies in place. In addition, if your website uses cookies (and by cookies, I am not referring to the soft, chocolate chip kind), you may need to update your policies to reflect the changes in regulation. HTTP cookies are small pieces of data that a website sends to your browser and that are stored on your computer while you are browsing that website, to make your user experience faster. So, the first thing you need to do is seek legal counsel and prepare your Privacy notices and terms and conditions.

Here are a couple of great legal resources where you can get more information:

Once you have sought legal counsel and updated your Privacy Policy and/or Terms and Conditions, you pretty much have two options on what to do:

  • Send an email to your current lead list asking them to opt in again, with a reminder to review your privacy notices, terms and conditions, and cookie policies.
  • Send an email to your current lead list informing them of your commitment to protecting and safeguarding personal data. Be sure to include a statement of acknowledgment, basically letting them know that by continuing to use your website they accept your updated policies and notices.

As always, if you have any questions or comments, please write them below.  Specifically, I want to know how you handled the new GDPR?