New European privacy laws affect US websites, companies and businesses.
We ARE NOT attorneys and this is not legal advice. We encourage you to consult your attorney for advice on how this may affect you.
No doubt you’ve noticed you’ve been getting a lot of email and notifications from companies you do business with about their updated privacy policies. You may wonder why you have been seeing all this information. The reason is that the European Union’s General Data Protection Regulation is going into effect on May 25th.
What is GDPR?
[From Wikipedia] The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. The GDPR aims primarily to give control to citizens and residents over their personal data.
In a recent article from CNBC discussing how GDPR applies to US companies, the main points of GDPR are stated:
- Consumers will have a right to be informed about the collection of their information.
- People will also have the right to access their information via a subject access request and companies must provide this within a month. If any data is inaccurate, companies must correct it.
- Consumers have the right to have their information erased, also known as the right to be forgotten. They can also ask for their data to be restricted: companies can store data but not use it.
- People will be able to move or copy personal information from one source to another, known as data portability.
- Consumers will have the right to object about how their data is used — including for direct marketing. They can also object to profiling, when companies automatically process data to make assumptions about a person for marketing.
Get more information on GDPR
View a brief presentation on GDPR by Heather Solos Bergman of Feedblitz which she gave at our WordPress Users Group meeting this week. Heather helped make this much clearer to me and all of our attendees.
What is covered by GDPR?
GDPR applies to Personally Identifiable Information, whether the ability to identify someone is direct or indirect.
Direct Personally Identifiable Information (PII) is, for example: email address, name, Social Security number, date of birth. Then there is indirect Personally Identifiable Information such as IP addresses and cookies (collected by Google Analytics or other services which provide data about how people use your website).
Do these things to gain your customers’ consent
If you have collected information in the past from people which you are using for marketing, it would be wise to request their re-consent to your use of their information to contact them for any purpose. You must also ensure that the data you collect is stored securely, and you have to be able to erase all PII held on any customer or user on request.