What is GDPR?

The GDPR Explained. What is it? Who does it apply to?

GDPR stands for General Data Protection Regulation. It is the European Union’s new regulation – in full enforcement on May 25, 2018 – that safeguards the personal data of individuals in the EU. What is interesting about this regulation is that even though it’s EU-based, it applies broadly to any online entity that may have, either now or in the future, a visitor from the European Union.

The GDPR defines ‘personal data’ as “any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.”

GDPR was created to protect the privacy of EU citizens, provide new digital rights and transparency to consumers, and create clear consequences for the misuse of sensitive information.

Why is the GDPR Necessary?

The current EU privacy law (pre-GDPR) has been in place for more than 15 years. Technology has changed considerably in that time span and massively impacts our lives. 15 years ago, most of us didn’t rely on the internet to achieve everyday tasks. More than 1 billion people actively use social media every day. Banking, renewing driver’s licenses, going to school, and even dating are now done online. Think about all the personal data that’s involved. Not a week goes by these days without hearing about a major data breach.

How does the GDPR Affect Individuals?

The implementation of the GDPR will mean that you have more control over your personal data. There will be more transparency when it comes to what businesses do with your information. And you should be able to opt out of services that keep track of your personal information. It’s important to note, however, that opting out might also mean not using the technology that we’ve grown so accustomed to using.

If I have a website in the U.S., do I have to follow the GDPR?

Strictly speaking, the answer is yes. A privacy policy is good business practice. And the GDPR’s penalties are severe. That’s why every major company has recently updated their privacy policy and asked you to provide consent.

A privacy policy is an agreement where you need to specify what personal data you collect from your users. That data can be extremely extensive – like the case of Google, Facebook, Amazon, Whole Foods, etc. – or minor – like the contact form on your website, or content on your site that appears only for repeat visitors.

Creating a privacy policy on your own is challenging – you need to understand the inner workings of your website and your policy needs to change when your website changes. New functionality on your site may necessitate updates to the privacy policy language. And then you need to post that privacy policy so that new visitors to your site see the policy and provide consent.

The good news is that I can help you. Contact me for more information.