By now, you’re probably sick of hearing about the GDPR, or the General Data Protection Regulation. And if you’re an American business, you probably think it doesn’t apply to you.
Countries within the EU are required to follow the rules laid out by the GDPR. But even if you do most of your business in the US, it’s always better to be safe than sorry when it comes to your business.
We know the whole idea of the GDPR can be overwhelming and confusing, so read on for a simple breakdown of the act so you can keep your business protected.
The General Data Protection Regulation was created by the European Union, and went into effect on May 25, 2018.
The GDPR aims to: “harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.”
The GDPR applies to anyone who collects and/or processes personal data.
Personal data is any information that can be used to identify a living individual.
Some examples include:
To put the consequences of violating the GDPR into perspective, if you violate any of the laws put forth by the act, you could be subject to up to $20 million in fines, or 4% of your worldwide turnover from the year.
For example, Facebook’s fines could be up to $109 billion for their breach of privacy.
The good news is unless you’re processing large amounts of data (like Facebook was), you’re at a lower risk of getting caught for not being compliant. But whether or not you get caught is left up to chance — staying in compliance so you don’t have to worry about it is in your control.
The biggest loss for most people if they violate the laws of the GDPR is reputational damage. You could potentially lose your clients because of an illegal use or distribution of their data.
In order to stay compliant within the GDPR, you must follow 8 Data Protection Principles when collecting data:
There are 6 ways to obtain this lawful ground:
The user has given you consent to process their data.
In the case of Facebook advertising, Facebook is the data processor and controller. To stay compliant with the GDPR, Facebook needs to acquire lawful ground for processing the data it collects.
As soon as you take the data off of Facebook’s platform and do something else with it, like adding a contact to your email list, you become the data controller and would need to acquire lawful ground for its use.
In most cases, you would probably be able to rely on “legitimate interest” as the legal grounds for acquiring and using this data.
Any time tracking pixels are used on your site, you must make users aware of it when they land on your site.
Image via: https://www.jqueryscript.net/other/Simple-EU-Cookie-Law-Notice-Popup-Plugin-With-jQuery-Qookies.html
This popup is a great way to cover your behind when it comes to the GDPR. Although you may not think you get website visitors from the EU, chances are you’ve gotten at least one in your website’s lifetime.
Like we said before, better safe than sorry.
In the pop up, you must include:
These all fall under Principle 1: Transparency. Be transparent about what you are doing with the data, and you won’t run into any issues.
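Here is an added example of how the "make the user aware first" rule can be enforced in practice, rather than just displayed. It is not code from the original post or from any vendor; the consent categories, pixel URLs, storage key and 180-day re-prompt interval are assumptions chosen for illustration. The point it shows is that no pixel loads until a valid, current consent record exists, and that a stale or malformed record is treated as no consent.

```javascript
// Added example (not from the original post): a consent gate that only loads
// tracking pixels for categories the visitor has opted into. Category names,
// pixel URLs, storage key and max age are assumptions for illustration.

const CONSENT_VERSION = 1;          // bump when the notice text changes
const CONSENT_MAX_AGE_DAYS = 180;   // assumed interval before re-prompting

// Pixels the site wants to load, grouped by purpose (constructed sample data).
const PIXELS = {
  analytics: ["https://analytics.example/pixel.gif"],
  marketing: ["https://ads.example/fbevents.js"],
};

// Build the record the banner saves once the visitor has made a choice.
function makeConsentRecord(choices, now = Date.now()) {
  return {
    version: CONSENT_VERSION,
    timestamp: now,
    analytics: choices.analytics === true,
    marketing: choices.marketing === true,
  };
}

// Parse a stored record. Anything malformed, stale, from the future or from
// an older notice version counts as "no consent", so pixels never load by default.
function readConsent(raw, now = Date.now()) {
  if (typeof raw !== "string") return null;
  let rec;
  try {
    rec = JSON.parse(raw);
  } catch (e) {
    return null;
  }
  if (!rec || rec.version !== CONSENT_VERSION) return null;
  if (typeof rec.timestamp !== "number") return null;
  const ageDays = (now - rec.timestamp) / 86400000;
  if (ageDays < 0 || ageDays > CONSENT_MAX_AGE_DAYS) return null;
  return { analytics: rec.analytics === true, marketing: rec.marketing === true };
}

// Inject only the pixels whose category was consented to. `inject` is the
// function that actually adds the <img>/<script> to the page; passing it in
// keeps the decision logic testable outside a browser.
function loadConsentedPixels(consent, inject) {
  const loaded = [];
  if (!consent) return loaded;            // no valid record: show banner, load nothing
  for (const category of Object.keys(PIXELS)) {
    if (consent[category]) {
      for (const url of PIXELS[category]) {
        inject(url);
        loaded.push(url);
      }
    }
  }
  return loaded;
}

// Browser wiring; skipped when the file runs outside a page (e.g. under Node).
// The banner's accept handler would save a record with:
//   localStorage.setItem("cookie-consent",
//     JSON.stringify(makeConsentRecord({ analytics: true, marketing: false })));
if (typeof window !== "undefined" && typeof document !== "undefined") {
  const injectImg = (url) => { const img = new Image(); img.src = url; };
  const stored = readConsent(window.localStorage.getItem("cookie-consent"));
  loadConsentedPixels(stored, injectImg);
}
```

The version field matters more than it looks: when the wording of the popup changes (for example, a new pixel category is added), bumping `CONSENT_VERSION` invalidates every old record, so visitors are asked again instead of being tracked under a notice they never saw.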
We know that all of that information can be a lot to handle.
Do you have questions about your website and want to make sure it’s up to date with these new regulations? Contact us today and we’ll make sure you are compliant, or help you get there if you’re not.