Disclaimer: this blog post is written by a content strategist and it’s not legal advice.
If you’re like me, this week you received a bunch of emails titled “URGENT, DON’T DELETE: GDPR.”
First of all, if you aren’t familiar with the new GDPR rules – aka the General Data Protection Regulation from the European Union (EU) – then you’re in good company! Don’t panic.
At Verdin, we’ve been closely following this topic. Keep reading for an overview of what GDPR is and what the requirements mean for all of us.
WHAT IS GDPR?
GDPR is a new set of rules that tell us what we’re allowed to do with the personal data we collect online. With a compliance date of May 25, 2018, it’s more important now than ever before.
We’ve all heard about the big data breaches. From doctors’ offices to huge retailers, we’ve all probably signed a privacy policy at some point, and later received the unfortunate letter in the mail informing us that our data may have been compromised. The GDPR is designed to protect the personal data of internet users in European markets, including from cyber attacks and breaches like these.
Although it is a good idea to update your terms and privacy policy on a regular basis, it is important to do so immediately if your US business matches any of the following:
1. A significant number of the people on your email list or visiting your site are based in the EU or the UK.
2. You use EU-based languages to market your goods and services.
3. Your domain name ends with an EU-based country code (e.g., .co.uk for the United Kingdom, .es for Spain).
4. You accept payment in Euros.
5. You target European countries for sales, including the United Kingdom.
If you fit into any of the above, consider connecting with an attorney to guide you through the updates you’ll need to make in order to be compliant.
WHAT HAPPENS IF I DON’T COMPLY?
Large fines are now on the table. The other (arguably greater) risk of non-compliance is being cut off by social platforms or by the software that manages your website and email list.
These are big risks, but a few straightforward steps can help you reach compliance.
HOW DO I COMPLY?
STEP 1. ADD A PRIVACY POLICY AND TERMS & CONDITIONS TO YOUR SITE.
Your terms and conditions tell people what is and is not allowed. For example, if you do not want people right-clicking and sharing your images, that’s where you would state this.
A privacy policy is slightly different from your terms and conditions. It tells anyone who visits your site what information you’re collecting, from cookies to names and emails. It also tells your visitors what you do with this information.
Privacy policies have always been required by US law, and setting up terms and conditions for your website visitors has always been a good idea. This step is nothing new for business owners, but having a GDPR-compliant privacy policy looks a little different.
STEP 2. OPT-IN CONSENT IS REQUIRED.
Unfortunately, where Step 1 used to be enough, it is no longer sufficient under the GDPR. One major change is how you obtain consent when a visitor opts in to your content.
Visitors need to actively give the go-ahead before they start receiving your emails and updates. Sites must make sure that no opt-in box is checked ‘yes’ by default at purchase when the purchaser is from the EU.
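To make the opt-in point concrete, here is an added example (not code from the Verdin post) of a signup form whose consent checkbox is unchecked by default, an audit check that flags a pre-checked box, and a handler that only creates a consent record when the visitor has explicitly ticked the box. The field names, the record shape and the sample submissions are assumptions for illustration.

```javascript
// Added example: explicit opt-in consent handling for an email signup form.
// Field names (email, marketing_consent) and the record shape are assumed.

// Signup form markup. The consent box is deliberately NOT pre-checked,
// so a subscription only happens when the visitor ticks it themselves.
const SIGNUP_FORM_HTML = `
<form id="signup">
  <input type="email" name="email" required>
  <label>
    <input type="checkbox" name="marketing_consent" value="yes">
    Yes, send me email updates
  </label>
  <button type="submit">Subscribe</button>
</form>`;

// Audit check: returns true if the consent checkbox carries a "checked"
// attribute, i.e. it would be ticked by default when the page loads.
function consentBoxIsPreChecked(html) {
  const tag = html.match(/<input[^>]*name="marketing_consent"[^>]*>/i);
  return tag !== null && /\bchecked\b/i.test(tag[0]);
}

// Build a consent record from submitted form fields, or return null when
// the visitor did not explicitly opt in. Browsers omit an unchecked
// checkbox from the submission entirely, so a missing field means "no".
function recordOptIn(fields, now = new Date()) {
  const ticked = fields.marketing_consent === "yes";
  const email = (fields.email || "").trim();
  if (!ticked || !email.includes("@")) return null;
  return {
    email,
    consent: true,
    purpose: "email updates",
    consentedAt: now.toISOString(), // when consent was given, for your records
    source: "signup form",
  };
}

// Constructed sample submissions: one without the box ticked, one with it.
const SAMPLE_NO_CONSENT = { email: "visitor@example.com" };
const SAMPLE_CONSENT = { email: "visitor@example.com", marketing_consent: "yes" };

console.log("form pre-checked?", consentBoxIsPreChecked(SIGNUP_FORM_HTML));
console.log("no consent ->", recordOptIn(SAMPLE_NO_CONSENT));
console.log("consent ->", recordOptIn(SAMPLE_CONSENT));
```

The handler treats an absent checkbox value as a refusal rather than an error, because that is exactly what a browser sends when the visitor leaves the box unticked; the timestamped record is what lets you show later that consent was actually given.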
STEP 3. KEEP LEARNING ABOUT THE GDPR.
Our knowledge is all theoretical until the EU starts enforcing the GDPR, and we don’t know when that will be. Stay informed and learn from others in your industry as enforcement rolls out.
Verdin will continue to track updates and keep our clients informed of necessary changes. Be sure you’re following us on Facebook, LinkedIn, Twitter and Instagram to follow along.