GDPR, What You Need To Know!
On May 25, 2018 new regulations went into place within the European Union that pertain to online data collection.
If you collect or manage any European Union citizen’s data, you must comply with the GDPR.
Here’s the gist of what you need to do:
- Request consent from every user before any data collection takes place (i.e. name/email address from a contact form where you plan to store the data in a database).
- Have a clear written privacy policy that informs users as to how collected data will be stored and used. (You can generate a privacy policy here: https://termsfeed.com/privacy-policy/generator/)
- Allow users to update/edit the data that you store for them (i.e. an opt-out button or form).
- Provide users a way to purge this data from your database.
What might be affected on your website:
- Your contact form, if you store users’ data in the database.
- Your email list, if you are adding users to it without an opt-in request; this would need to be corrected.
- Your online store, where you are likely collecting and storing users’ information.
Take a look at the steps Drio has taken to comply with the GDPR:
- We added a link to our privacy policy.
- We added forms for people who leave us messages in our contact form to request that we delete their data or export their data. You will see these forms within our privacy policy.
- Finally, we have allowed existing Mailchimp subscribers to update their email preferences.
Again, this only affects those who may collect European Union citizens’ data. If your business only operates locally, then it is unlikely to be affected. If you operate globally but don’t know whether you are collecting European Union citizens’ data, it would be best to take steps to be in compliance.
**Penalties for noncompliance come in the form of tiered fines that scale with the severity of the violation. Fines cap at 4% of annual turnover or €20 million, whichever is greater.**