Have you noticed recently that when you visit a website, it notifies you that it is using cookies? Usually, it’s at the bottom of the page and looks like this:
This is because new legislation protecting personal data has been passed in Europe as well as in California: the General Data Protection Regulation and the California Consumer Privacy Act. Here is everything you need to know to make sure your business is safe from fines and legal action.
What is GDPR?
GDPR, or the General Data Protection Regulation, is a law that protects the personal data and privacy of European citizens, as well as non-European citizens, with regard to the data that is acquired when they visit a website or complete transactions digitally. This new set of rules is designed to give people more control over their personal data.
Why is GDPR important to my business?
GDPR applies to EVERY organization that controls or processes personal data whether they’re customers or your own staff. If you collect personal data or behavioral information from someone, your company is subject to the requirements of the GDPR. This even includes basic tracking like Google Analytics or any other application that utilizes cookies. Cookies are created when you visit a website. They are used to store pieces of information about an individual’s behaviors and interactions with the website.
If I don’t do business in Europe do I need to be GDPR compliant?
Yes! On January 1st, 2020, the California Consumer Privacy Act (CCPA) took effect, which is intended to enhance privacy rights and consumer protection for residents of California. It is only a matter of time before the rest of the United States catches up.
What happens if I violate the GDPR or CCPA regulations?
The penalties for non-compliance are stiff, including fines of up to 4% of annual revenue, along with the risk that your website could be blacklisted from search listings. In addition, users may also sue for compensation if a data leak has caused them financial or reputational damage.
How do I become GDPR compliant?
Make sure you have a GDPR-ready privacy policy available on your website, along with terms of service.
Allow visitors to accept your cookie policy as well as your privacy policy when they arrive on your site, so that you obtain consent for tracking.
Do not send unsolicited emails via third-party email marketing programs. Make sure all e-mail marketing is done on an opt-in basis and that unsubscribing is easy.
Make sure your contact form is GDPR compliant by including a checkbox informing the visitor that this is how you will be contacting them.
Do you need more help getting your business to be GDPR compliant? We are here to help! Contact our GDPR expert today.