EU GDPR Compliance
The new EU GDPR compliance law has websites scrambling to update the way they collect, store and use website visitor information. As an American business with a website online, you might be surprised to find that the new European law will affect your business. Because the law governs the collection of personal data from people in Europe, parts of it can hurt your business if you don’t bring your website into compliance.
The EU may not be able to collect any fines issued to your company, but it can ban your website from all EU countries. I am not a lawyer, so I cannot tell you anything other than that the EU can block your website. It can levy fines, but I do not know if any US court would enforce them.
I think it is only good business to comply with this new law. If your website runs the current version of WordPress (4.9.6 or later), the core software already includes the privacy tools the law calls for: a privacy policy page template and the ability to handle personal data export and erasure requests. That covers the software part, but your plugins handle visitor data too, so I recommend checking with your plugin developers to see whether their plugins are complying. A few plugins I recommend that I know are in compliance are WooCommerce, Yoast SEO, WPForms and MonsterInsights.
Data Protection
New rules for how you handle user information will affect your American business if you have visitors from the EU. This is a great thing for individuals in the EU. It imposes rules that I consider to be good business anyway, but they will regulate the way you collect and use data from EU visitors.
The General Data Protection Regulation (GDPR) is a European Union (EU) law that took effect on May 25, 2018. The stated goal of GDPR is to “give EU citizens control over their personal data and change the data privacy approach of organizations across the world”.
What to Do
Inform
Tell Your Visitors
Use plain language. Tell them who you are when you request the data. Say why you are processing their data, how long it will be stored and who receives it.
Consent
Ask Before You Collect
Get their clear consent to process the data. Collecting from children for social media? Check the age limit for parental consent.
Access
Give Visitors Control
Let people access their data and move it to where they want.
Warnings
Disclose Data Breaches
Inform people of data breaches if there is a serious risk to them.
Erase Data
Remove Data When Asked
Give people the ‘right to be forgotten’. Erase their personal data if they ask, but only if it doesn’t compromise freedom of expression or the ability to research.
Profiling
Inform Your Customers
Inform your customers. Make sure you have a person, not a machine, checking the process if the application ends in a refusal. Offer the applicant the right to contest the decision.
Marketing
Opt Out Options
Give people the right to opt out of direct marketing that uses their data.
Safeguard
Protect Sensitive Data
Use extra safeguards for information on:
health
race
sexual orientation
religion
political beliefs
Who Must Comply
Because the internet is international and people in the EU can visit any site, a website that tracks its visitors, collects email signup lists or sells products to the EU will fall under these rules.
Compliance for WordPress users is easy: a privacy policy that tells visitors what information you collect and how you use it, together with the consent, access and erasure points listed above, should bring your website into compliance. These measures are not new to the internet and were part of good website design before the law was passed.
As an American business, it is questionable whether the fines could be enforced in America. If you sell a product or service online to the EU, however, you are required to obey the laws the EU imposes on your EU sales.
As a small business in America, you may be able to avoid the fine for non-compliance, but the EU can still block your domain name in all EU countries.
My expectation is that most of the world will follow the EU and start work on their own laws.