The General Data Protection Regulation (GDPR) is a European Union (EU) law taking effect on May 25, 2018. The goal of GDPR is to give EU citizens control over their personal data and change the data privacy approach of organizations across the world.

 

Any company that stores or processes personal information about EU citizens within EU states must comply with the GDPR, even if they do not have a business presence within the EU. Specific criteria for companies required to comply are:

  • A presence in an EU country.
  • No presence in the EU, but it processes personal data of European residents.

Legal Disclaimer / Disclosure

We are not lawyers. Nothing on this website should be considered legal advice. When in doubt, it’s best to consult an attorney to determine if you are in compliance with all applicable laws for your jurisdiction.

GDPR Compliant

The “Cliff Notes”

GDPR makes sure that businesses can’t go around spamming people by sending emails / newsletters that they didn’t ask for. We can’t sell people’s data without their explicit consent. We have to delete a user’s account and unsubscribe them from our email lists if the user asks. We also now have to report data breaches.

The Essentials

Explicit Consent

 

Cookies
For those who visit your website, your website browser is collecting some basic information on those visitors. The type of information may vary, it might be Google Analytics processing where the visitors are coming from as well as following them as they click through your website, or it may simply be remembering which pages they visited last time

For instance:
When you visit some sites, the server gives you a cookie that acts as your identification card. Upon each return visit to that site, your browser passes that cookie back to the server. In this way, a web server can gather information about which web pages are used the most, and which pages are gathering the most repeat hits.

or
Servers can use cookies to provide personalized web pages. When you select preferences at a site that uses this option, the server places the information in a cookie. When you return, the server uses the information in the cookie to create a customized page for you.

This was done without asking you in the past, now you have to agree to it.

Newsletters / Email Blasts
if you’re collecting personal data from an EU resident, then you must obtain explicit consent that’s specific and unambiguous.In other words, you can’t just send unsolicited emails to people who gave you their business card or filled out your website contact form because they DID NOT opt-in for your marketing newsletter.

For it to be considered explicit consent, you must require a positive opt-in (i.e no pre-ticked checkbox), contain clear wording (no legalese). You will now see an ‘opt-in” option on many forms.

Rights to Data

You must inform individuals where, why, and how their data is processed / stored. An individual has the right to download their personal data and an individual also has the right to be forgotten meaning they can ask that their data to be deleted.

When you hit Unsubscribe or ask companies to delete your profile, it now has to actually happen.

Also required is a link to where the user can learn about the companies privacy policy.

Breach Notification

Organizations must report certain types of data breaches to relevant authorities within 72 hours, unless the breach is considered harmless and poses no risk to individual data. If a breach is high-risk, then the company MUST also inform individuals who are impacted right away.

Plug-ins

All plug-ins, if they collect data or use cookies are also part of the GDPR Compliance regulations. Note that if a plug-in collects data, and the individual would like their data removed, the “plug-in” company must be informed.

Data Protection Officers

if you are a public company or process large amounts of personal information, then you must appoint a data protection officer. This is not required for small businesses. Consult an attorney if you’re in doubt.

Our Privacy Center

Notice the various elements that are essential for the GDPR regulations:

  • Consent
  • Contacting  DPO
  • Privacy Settings
  • Request Archive
  • Unsubscribe
  • Forget Me
GDPR requirements studiospinner