The General Data Protection Regulation (GDPR) compliance deadline is May 25, 2018. Is your website ready?
What is the GDPR?
If you haven’t yet heard of the GDPR, it’s a European Union regulation going into effect on May 25, 2018. It is meant to strengthen data protection policies for residents of EU member nations. Noble cause, right? Penalties for non-compliance are stiff – €20 million or 4% of your worldwide revenue, whichever is greater. Not to mention potentially messy lawsuits. No one knows yet how discerning the audits will be, but if Getty Images taught us anything, there’s no target too small. Don’t want to take on the GDPR alone? Get in touch with us.
“My business doesn’t operate in the EU, so my website doesn’t have to be compliant, right?”
Sorry to burst your bubble, but your website does still have to be compliant with the GDPR. There is a misconception that if you don’t operate in the EU or target EU residents, this regulation doesn’t apply to you. However, if your website has a chance of collecting personally identifiable data from an EU resident, this applies to your website. You heard that right – this regulation affects most websites online today, including yours.
Website Compliance – The Basics
If you’re already overwhelmed or concerned about preparing your site for the GDPR, you can reply to this email now and we’ll get back to you ASAP to start game-planning. If you’d like to arm yourself with some basics first, and see if this is something you can tackle internally, here are some tips for you. This list is by no means exhaustive, but it will get you rolling towards a GDPR-compliant site.
1. Read up on the basics of the GDPR.
2. Consult your attorney or legal team to ensure you’re planning on doing all the right things for GDPR compliance, as some steps extend past your website.
4. Ensure that every form on your website – comments, contact, registration, newsletter signup – includes an unchecked checkbox with clear consent copy alongside it, and that the user must check the box before the form can be submitted.
5. Understand all of the places you collect and store user data on your website, and have a plan for providing it to any user and for deleting it – as an individual may request that at any time.
6. Understand what third parties you may be sending user data to (Mailchimp, Hubspot, Salesforce, Stripe, for example), and read up on their GDPR compliance efforts and special steps you may have to take with those services to ensure your own compliance.
Get C2’s Help With GDPR Compliance
C2 Creative Studio has already prepared a handful of client sites for the GDPR in conjunction with onsite staff and legal teams. We’d love to help you too. Simply contact us, and we’ll get back to you ASAP to set up a GDPR compliance kickoff call with your team.