General Data Protection Regulation and Your Website Data

What is the General Data Protection Regulation?
The General Data Protection Regulation (GDPR) is European Union legislation that focuses on data protection and privacy within the European Union. More importantly, it extends its coverage to include foreign entities that handle data of European Union residents.

What if We’re Just Hearing About This?
While the GDPR was formally adopted a couple of years back in 2016, a two-year runway allowed time to implement changes to accommodate its requirements, and it became officially “enforceable” on May 25, 2018. Replacing a previous directive called the “Data Protection Directive,” the GDPR isn’t subject to individual approval by each member nation and is instead simply valid by virtue of being a European Union regulation.

The GDPR and Your Company
The GDPR’s key goal is to standardize the control policies of users with respect to their data. It remains to be seen how effective it will be; however, one of its guiding principles is to provide a uniform platform for handling customer data such as consent, social activity, stored credit card information, right of access/erasure, data portability, and even B2B marketing. You may not have any clients in or sales to European Union member countries; however, it’s important to be aware that you may eventually need to consider the GDPR in future transactions.

Some key definitions of the new law:

  • Data Subject: Any citizen of the European Union. Remember, it applies to clients who may not even be in the EU but may have EU citizenship.
  • Data Controller: Any entity, be that a business or an individual, who owns or operates a website.
  • Personal Data: Name, handles, social media contacts, addresses, and any identifying information.
  • Data Processor or Third-Party Processor: Any entity or person that provides you with data, which could include a newsletter service, outside provider, hosting company, etc. Even plugins and contact forms fall under this area.
  • Data Transfer Outside of EU: Oh boy. This one is quite a doozy and is pretty far-reaching, so it’s worth spending some time to understand what it means given its scope.

There are many resources that cover the GDPR and its various nuances when it comes to providers, consumers, employees, and even grey areas.

IQComputing on