In May of 2018, the European Union put the General Data Protection Regulation (GDPR) into effect.
Soon afterwards, the United States and other countries began implementing privacy policies and laws that closely mirror the requirements outlined in the GDPR.
Remember that your business does not have to be based in the EU in order to be held to the obligations of the GDPR. If you collect/track the data of any site visitor or consumer from the EU, you must follow the GDPR.
We know — the GDPR is complicated. Often, it can be especially difficult for American companies to understand whether or not they’re fully GDPR compliant.
However, the fines for violating these privacy laws can be quite steep.
Read on to learn more about how to follow the data privacy and collection guidelines specified in the GDPR. These steps can help ensure you’re GDPR compliant. (Please consult your lawyer for detailed instructions on how you can become GDPR compliant; do not consider this legal advice.)
1. Provide Privacy Notices
A foundational step towards helping ensure you’re GDPR compliant is to send out and/or update privacy notices to your clients regarding your collection of their personal data.
In this context, “personal data” refers to any kind of personal information about an individual. It doesn’t matter whether this information is public, private, or relates to an individual’s professional life in some way.
Personal data can include things like their home and email address, browser history and IP address, medical information, bank information, and even posts on social media.
The privacy notices should tell your customers/site visitors why you’re collecting their data, what you plan to do with it, how long you’ll have it, where you’ll store it, and how they can access it.
Additionally, remember that clients need to confirm that they accept and understand the fact that you’re collecting and potentially sharing their personal data. It’s not enough to offer them a way to “opt out” of this; in order to be compliant with the GDPR, they must actively confirm that they understand and choose to “opt in” (you cannot pre-fill a checkbox that they could inadvertently opt in through; it must be unchecked by default).
Remember that you’ll not only need to follow the requirements of the GDPR but also be able to prove that you’re in compliance at all times.