YYou may have noticed a massive amount of emails flooding your inbox asking you to confirm email subscriptions or review privacy policies. This is the result of a new law known as GDPR.
And if you have a business website, you need to take action.
What is GDPR Anyway?
The General Data Protection Regulation (GDPR) is a new law passed by the European Union to put everyday citizens in control of their personal data. The regulation requires any personally identifiable information for anyone within the EU to be handled with strict security and privacy measures in place. It also requires companies to notify users of any data breach within 72 hours of discovery.
This law went into effect on May 25, 2018.
But, I’m not in Europe.
Even if your business is 100% in the United States, this law still affects you.
The regulation applies to any information collected about citizens of the European Union. This includes, but is not limited to:
- Contact Forms
- User Accounts
- E-Commerce Shopping Carts
- Payment Information
- Analytics
- IP Address
- Photos
- Comments
- Social Media Accounts
Since your website can be accessed by anyone on the planet, you need to be in compliance. Fines for non-compliance can be as much as 4% of your annual revenues.
What Should I Do About GDPR?
On the surface, GDPR compliance sounds like a very complicated thing. But, don’t panic. There a few things you can do to protect yourself and your visitors.
Talk with Your Lawyer
Let me state clearly that I am not a lawyer. This information should not, in any way, replace legal advice by a professional attorney. Your business and data collection may differ from ours, which may require additional information in your privacy policy or additional actions for your organization.
1. Review Your Data
Any data your collect from people visiting your site must have a legitimate purpose. It must be collected and stored securely. If your site doesn’t have this little green lock icon in the browser bar, you should not be collecting any personally identifiable information.
Now’s also a good time to review any old plugins or site features that may no longer be in use.
2. Check Your Security
It’s always a good idea to make sure your site hasn’t been hacked. But, now it’s more important than ever.
GDPR requires that you notify users within 72 hours if their information has been compromised in any way.
Escape Plan hosting accounts are constantly monitored for malicious activity and include a free secure certificate to protect your users. Your own web host may or may not include this with your service. We also use a series of trusted security plugins to prevent attacks on our WordPress websites.
If you’re not sure whether your site is protected, contact us below.
3. Update Your Privacy Policy
Your privacy policy lets visitors know exactly what information you collect and how it will be used. It’s typically spelled out clearly on a page of your website that users can easily get to.
You can view Escape Plan Marketing’s Privacy Policy here.
Many small businesses think they’re exempt from this or simply don’t know they need it. It doesn’t matter how small your business is. If you have a website, you need a privacy policy.
