What is GDPR and why should you care? It’s an EU Regulation (the General Data Protection Regulation) going live on 25 May 2018 with the goal of protecting the processing of personal data for socio-cultural or financial activities (source). You’ve likely been hearing about it a lot recently as the 25th is rapidly approaching and social media privacy has been in the news a lot lately thanks to Facebook.
First: I am not an attorney and cannot provide legal advice. If you have questions about the legality of what you need to do, I urge you to find one who is qualified to help you with this topic. This post will provide some basic information about what GDPR is and the available tools for small business owners.
But I’m not located in the EU!
These rights are applicable when an EU citizen buys goods and services from non-EU companies operating in the EU. (source)
But I’m small!
These are common-sense data protection rules that you should probably be following anyway. There are financial penalties if you don’t take care to protect the privacy of your customers. As an SME you won’t need to hire a compliance officer, but the regulation still expects you to protect the privacy and data of your customers.
That was clear as mud!
If you conduct a lot of business in the EU, please find an attorney! The rules set forth in GDPR provide individuals with the right to object to collection, to access/export their information, to correct errors, and to erase it (aka the right to be forgotten). That means organizations need to provide transparency and up-front informed consent, in addition to creating audit trails during data processing and storage. It also means that they need a way to provide users with their information.
The deadline, along with some fear mongering online and at certain media sites (that it’s an onerous burden and hard), is what I believe is causing the stress and anxiety. If you’ve been making a good-faith effort to keep your sites up-to-date and secure, you shouldn’t need to do too much to be compliant!
If I determine I need to take actions to be in compliance, what might I need to do?
You need to approach this common-sense law on two fronts. There’s the data that you as a website owner collect if you sell anything; that needs to be in compliance. There’s also a need for you to reconfirm acceptance of policies with the third-party services you use. (This is why tech documentation is helpful!) You may need to update software or add a new checkbox or two to your forms. It’s frustrating because of all the different pieces of your technology that you need to pay attention to all at once in order to dot all the i’s and cross the t’s for this new regulation.
Three suggested action steps:
- Accept updated terms and conditions on services you use; two examples include (a webhost) and Mailchimp.
- Review your own website policies and amend if necessary.
- Make sure your WordPress core files, theme, and plugins are up-to-date. Many of the plugin developers are working hard to make sure they can help you be in compliance. Some plugins that are working toward that include WooCommerce 3.4, Jetpack 6.1, and Yoast SEO. If you are unsure about a particular plugin, look at its website and contact the developer.
Additional Resources
- EU GDPR
- Instagram launches “Data Download” tool to let you leave (Tech Crunch)
- What You Need to Know about GDPR, the EU’s New Data Privacy Regulation (Craft Industry Alliance)
I hope you found this brief introduction to GDPR helpful. If you would like additional assistance, please contact me.