The General Data Protection Regulation (GDPR) is a regulation that requires businesses operating on the internet to protect the privacy and personal data of EU (European Union) citizens for transactions that occur within the EU.

Here’s what every company that does business in Europe needs to know about GDPR.

In April of 2016, the European Parliament adopted the GDPR. It requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The GDPR also regulates the exportation of personal data outside the EU.

Why Does GDPR Exist?

The super quick answer is that the new laws exist because of consumers' concerns regarding their privacy and how personal information is transmitted, stored, and shared.

What Types of Data Does GDPR Protect?

  • Identity information such as name and address
  • Web data such as location, IP address, and cookie data
  • Health and genetic data
  • Biometric data
  • Racial or ethnic data
  • Political opinions
  • Sexual orientation

Does GDPR Affect Your Company?

Basically, if your company does business in the EU and collects, stores, and processes the personal information of people who live in the EU, you are required to abide by the new regulations.

When Does GDPR Go Into Effect?

The regulations go into effect on May 25, 2018. Unofficially, there will be a bit of a grace period while the kinks are ironed out, but plan on it being enforced at some point within the first year.

Here Is A GDPR Preparation Checklist

Review data handling procedures

  • Review current mailing lists for records of consent.
  • Document all the data collection channels and steps and verify that information is being collected properly.
  • Understand the seriousness of GDPR.

What to do when collecting data using websites and web forms

  • Consent, Consent, Consent!
  • Provide very clear warnings regarding what information you are collecting.
  • Include a “Cookie Consent” box.
  • Validate the country that the user resides in.
  • Consider including age verification, as GDPR requires parental consent to collect data on minors.

Manage your contacts and leads that are in your database

  • Send the contacts in your database a new double-opt-in form to verify their consent to store and use their data.
  • Create a preference area on your site where users can specify their privacy settings and what information they would like to share.

Keep your privacy policy updated

  • Include clear privacy policy directions on the website, including what information is being collected, how data is stored, and how to contact the organization.

Have a data-breach plan ready

  • GDPR requires organizations to report data breaches no later than 72 hours after the organization becomes aware of the breach.
  • Have a plan!

Robert Arthur Designs proudly serves Colorado, Douglas County, Castle Rock, Highlands Ranch, the Denver Tech Center, and Denver. Contact us to find out how we can help you with your web design needs.