This is a very short summary, but we hope it will shed some light on this mysterious new beast.
Jump to:
A short summary of GDPR
The General Data Protection Regulation (GDPR) is a very large, very wide reaching and very tough new set of rules with a very severe set of financial penalties, brought in by the EU that govern the way Personal Data is captured and processed. In particular, the rules focus on having a valid legal basis for gathering and processing Personal Data, which include reasons such as Contract, and Consent.
The definition of Personal Data has also been greatly expanded and now covers any information that may be used to identify a ‘natural person’ - which includes obscure technical things such as browser tracking cookies and IP address (computer location on the internet). This means that if you have so much as a contact form on your site, mailing list sign up, or even use web monitoring platforms like Google Analytics, you’ll probably fall in scope of the GDPR and it’s militant penalties.
Users must also be provided with tools to request, update, download or delete every single piece of data and meta-data pertaining to them that you possess, including data you have provided to, or host with third parties and other applications.
Interestingly, perhaps worryingly, the regulations are retro-active, which means all the data you’ve already collected is also in scope and must be considered.
What are the penalties?
The penalties for non-compliance with GDPR are extremely severe. For serious offences (which includes improper consent), up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher.
The GDPR comes into full effect, with full penalties applicable, from May 25th 2018.
How can I protect myself?
If you’re based outside the EU, and are happy to forgo your European website visitors in exchange for mitigating your compliance risk, then you can start by simply installing our EU Visitor Blocker tool and updating your terms (we’ll help you). This will remove 99% of your risk in just a few minutes.
If you’re inside the EU, or want to continue serving EU visitors, you’ll need to get compliant ASAP, before May 25th 2018 if possible. EziGDPR will shortly be releasing a very affordable suite of tools to guide your website to compliance.
Sign up to our mailing list to be notified as soon as it’s available.
In the mean time, you should begin a data flow audit to identify what data you capture, what data you already have, and what you do with it, including third parties you pass it along to or use for processing.
If you're not going to be compliant by May 25th, you might still consider installing our EU Visitor Blocker to cover yourself while you finish getting ready.
There is a lot to do to become compliant, but we can help.