GDPR. These four letters seem to be popping up everywhere, along with the onslaught of emails from companies telling us that their privacy policy has been updated. Although many of these messages contain sleep-inducing legal jargon, it’s important to know the basics of GDPR and what it means for your website and company.
Why GDPR?
The acronym stands for General Data Protection Regulation, and it went into effect on May 25th, 2018, in the European Union. The EU passed this new 2018 reform legislation to protect their citizens’ rights to their data. Even though that legislation was passed in the EU, can it affect US companies? The answer depends on your client base.
If you have any European customers, you will definitely need to be GDPR compliant. If you don’t have EU clients, GDPR is not imperative. That said, adhering to the compliance rules is a great way to earn bonus points with your other customers by showing them that you care about their data security. Your web visitors will appreciate that you’ve taken extra steps to ensure their cyber safety.
Data Protection
First of all, you should know that data protection laws in the EU are not new. They’ve been around since 1995, and the GDPR is simply an update to those laws that already exist.
Basically, the GDPR ensures that the consumer has the right to know when, where and how their data is being used by companies. If you collect any of their personal information on your website via cookies, sign-up forms or purchases, they have the right to know about it and must agree with you collecting their data.
As a consumer yourself, you benefit from this new legislation too. If you are tired of receiving spam emails from a company you signed up for 3 years ago, you can tell them that you want to be taken off their list. And now they HAVE to do it! How many times have you clicked unsubscribe to a company’s email list but still receive materials for them? Too many.
With the new GDPR legislation, businesses will have to be much more careful with how they manage and use client data. And in the same way, your company will have to respect your clients’ rights to unsubscribe from your email list.
Specific Website Requirements
Here are a couple basic tweaks you can make to update your site to be GDPR compliant:
- Add positive opt-in options to forms on your website. In order to collect personal information such as name or email address, you need explicit consent from the consumer. That means that you must include wording in your forms to let them know you’ll be collecting information and ask for their consent. It can be as simple as a checkbox they click.
- Update your Privacy Policy. Since consumers should have the right to know how their data is being used, add a section in your privacy policy called “Data Usage” that explains exactly why, when and how you will use any data you’ve collected from visitors to your site.
- Add Opt-In for Cookies. If your website collects visitors’ cookies, you’ll need to get permission for that as well. You can add a pop-up form opt-in option via WordPress.
If you’re still a bit nervous about GDPR, don’t be. Even though it became law on May 25th, there are still a lot of websites still working toward compliance. You can visit the official GDPR website or take a look at popular web hosting sites like WordPress and Hubspot, in order to learn more about what US small businesses can do to protect their visitors’ data rights.
