Today the new General Data Protection Regulation (GDPR) goes into effect. It is a new set of rules and regulations that requires businesses to protect the privacy and the personal data of European Union (EU) citizens.
Why? If someone in the EU visits your website, you and your company are subject to the law. Many businesses and even website developers are unaware that they will have to meet at least some (if not all) of the requirements of the GDPR.
The most significant requirement of the GDPR is explicit consent. In the past it was acceptable to simply notify your users that information was being collected. Cookies were able to store information, such as user behavior, in order to customize a web page. Now with GDPR, EU users will need to give explicit consent before any personally identifiable information (PII) can be tracked, which disables many features of North American websites until the user clicks “accept.” To further complicate the issue, the website must remain usable and navigable if the user chooses to “decline” cookies and other such features.
Additionally, users will now have to confirm consent for any form of data collection, which includes but is not limited to:
If you have not been following GDPR protocol and obtaining consent for any type of EU-based client information, you will need to delete all of those collected details today (May 25, 2018).
Other notable features of the GDPR legislation include keeping a detailed log of the data corresponding to your EU-based users, as well as making their information available to them upon request. Your EU-based users will also have the right to request the permanent deletion of their data. Failure to adhere to the GDPR restrictions can result in over $20 million in fines.
Here at Knucklehead, we are taking the necessary steps to bring our clients’ websites into greater GDPR compliance for three main reasons: