Ever wondered how much information the websites you visit save about you? Many websites have utilized browser fingerprinting as an extremely accurate way to identify and track your information. The European Union, wary of this nefarious method of bypassing cookie blockers, is implementing the General Data Protection Regulation as a means of covering this covert data collection and punishing websites that violate it.
What is GDPR?
The General Data Protection Regulation is a regulation in EU law that standardizes data protection laws across all 28 European countries on the internet. The GDPR aims to impose stricter laws on protecting the personal data of Europeans, and companies that violate it are subject to stiff fines and penalties.
What does the GDPR protect?
The GDPR aims to provide a multitude of privacy and data protections for consumers in Europe, such as:
- Mandating the consent of subjects for data processing
- Keeping collected data anonymous for ultimate privacy
- Notifying consumers when data is breached
- Ensuring the safe transfer of data across borders
The GDPR affects all companies that deal with EU residents, such as by offering them goods or services or by processing their personal data, regardless of the company's geographical location. Organizations that do not comply with the GDPR will be penalized for misconduct.
Why should US companies care?
As mentioned before, the GDPR concerns all companies that offer goods and services to EU residents or monitor their behavior. Some organizations aren’t even aware that the GDPR applies to them! Fines for violating the GDPR can be steep: they can be as high as $23,433,000, or 4% of a company’s total revenue, so ensuring that your company obeys the GDPR is vital.
Many companies, especially US companies, are scrambling to become compliant before the GDPR deadline, and “Very few companies are going to be 100 percent compliant on May 25th,” according to Jason Straight, an attorney at United Lex, a company that helps businesses set up GDPR compliance.
The GDPR focuses on eliminating vague language on websites that collect more personal information or data from their consumers than they let on. It also targets companies that bundle consent for a few things on their websites.
“If you have a page of different consent, and saying by clicking here you consent to lots of things, that will be wrong. You need to be able to apply that consent individually,” says Harry Small, a partner at the Baker & McKenzie law firm, about GDPR.
For companies with connections to European clients, it will be essential to be GDPR compliant when the law launches on May 25, 2018.
How do I make sure my website is GDPR compliant?
There are a few steps you can take to make sure your website avoids GDPR violations. Here is our checklist for making sure your website is GDPR compliant!
- Make sure everyone in your company is familiar with GDPR.
Brief your employees about GDPR. Make sure to emphasize the ramifications of violating GDPR: the hefty fines and reputation damage you will be met with if your website isn’t compliant.
- Assess your business practices to make sure they’re more secure.
You can hire a third party to audit your business practices and ensure compliance, receiving suggestions and recommendations to make your website as risk-free as possible.
- Develop a process for reporting a data breach.
Any data breach or loss should be reported within 72 hours of occurring. Developing a protocol will make it easier for your company to quickly report a breach.
- Do your policies and procedures honor consumers’ digital rights?
The GDPR improves digital rights for consumers. These include:
- Right to access
Consumers can request information from data controllers about the whereabouts, processing, and reason for collecting their data.
- Right to be forgotten
Consumers have the right to request erasure of their data if they believe the reason for collecting it is no longer relevant, or consumers simply want to rescind their consent.
- Right to Data Portability
Data subjects enjoy the right to demand their data from data controllers, and are allowed to send it to other controllers.
How can we help?
The policies and guidelines of GDPR can be overwhelming, complex, and time-consuming, so a much easier option for your business may be hiring a third party to look over your website and help with the GDPR transition process. Contact Jordan Creative for more information on hiring third-party consultants and GDPR.