On May 25th, 2018, the EU General Data Protection Regulation (GDPR) went into effect. Many of our United States-based clients may be scratching their heads wondering how this affects them. While this European regulation doesn’t affect you directly, it’s a sign of recent transparency efforts worldwide regarding online privacy and data protection for consumers. It may not have a direct impact on you right now, but you should future-proof your online presence now so you don’t have to worry about it later.
What is the GDPR?
The GDPR is a data protection regulation that affects the entire European Union. Giant companies like Facebook, Google and Equifax collect data on their users every day and then sell that data to other companies. Oftentimes, the terms of this data brokering are hidden behind policies that the average person finds confusing and unclear. But we agree to the terms anyway.
The GDPR aims to make these practices clearer and give users control over how these companies use their data. We should be informed as to how this data will be obtained and used, and if we do not like it, we should have the ability to decline consent. Want to withdraw consent or delete the data they’ve collected? You should be able to, and the GDPR aims to allow this.
How will the GDPR affect my United States based business?
If your website collects data from overseas customers, then you are 100% subject to the terms of the GDPR; but even if your only focus is local business, you will still feel the effects of this. While there are some flaws in the GDPR, its overall goal is very important in this day and age. Having a clear data collection policy for your users to read will prepare you for potential future US-based data policies, give your users trust in submitting data to you, and make you more credible than many local competitors who will not be ahead of the curve and prepared for this shift in privacy transparency.
What You Should Do
- Determine your data protection policy: A data protection policy is a company guideline for how data is controlled and stored, who has access to it, and how they are able to access it. If you collect a user’s address and they request access to that data, what type of authentication will you require from them to confirm their identity?
- Start being transparent about how you use customers’ data. If you’re a restaurant and you collect customer emails to use strictly for emailing purposes, let them know exactly how you will be using those email addresses. Your customers will appreciate this information and feel safer supplying it to you.
If you need help getting started with data and privacy policies, there are plenty of great, free resources out there. So, don’t fret! Just check out these websites.