EU GDPR Compliance

The New EU GDPR Compliance Law have websites scrambling to update the way they collect, store and use website visitor information.  As an American business with a website online, you might be surprised to find that the new European Law will affect your business.   Because the law governs the collection of personal data in Europe, parts of this law can do damage to your business if you don’t bring your website into compliance.

The EU my not be able to collect any fines issued to your company but they can ban your website from all EU Countries.  I am not a lawyer, so I cannot tell you anything other than, the EU can block your website.  They can levy fines, but I do not know if any US Court would enforce it.

I think it is only good business to compile with this new issue.  If you are using a website running the current version of WordPress, you are already in compliance with the software part of this law.  I recommend checking with your plugin developers to see if the plugins are complying.  A few plugins I recommend that I know are in compliance are; WooCommerce, SEO Yoast, WPForms and MonsterInsights.

Data Protection

EU GDPR Compliance

New rules for how you handle your user information will affect your American business if you have visitors from the EU. This is a great thing for individuals from the EU, but it imposes some rules, that I consider to be good business, but will regulate the way you collect and use data collected from the EU.

The General Data Protection Regulation (GDPR) is a European Union (EU) law that took effect May 25, 2018. The stated goal of GDPR is to “give EU citizens control over their personal data and change the data privacy approach of organizations across the world”.

What to Do

Inform

Tell Your Visitors

Inform

Use plain language.

Tell them who you are
when you request the data.

Say why you are processing
their data, how long it will
be stored and who receives it.

Consent

Ask Before You Collect

Consent

Get their clear consent
to process the data.

Collecting from children
for social media?

Check age limit for
parental consent.

Access

Give Visitors Control

Access

Let people

access their data

and move it

to where

they want.

Warnings

Disclose Data Breaches

Warnings

Inform people

of data breaches

if there is a

serious risk

to them.

Erase Data

Remove Data When Asked

Erase Data

Give people
the ‘right to be forgotten’.

Erase their personal data
if they ask,
but only if it doesn’t compromise
freedom of expression
or the ability to research.

Profiling

Inform Your Customers

Profiling

Inform your customers.

Make sure you have a person, not a machine, checking the process if the application ends in a refusal.

Offer the applicant the right to contest the decision.

Marketing

Opt Out Options

Marketing

Give people the

right to opt out of

direct marketing

that uses their

data.

Safeguard

Protect Sensitive Data

Safeguard

Use extra safeguards
for information on:

health
race
sexual orientation
religion
political beliefs

Who Must Comply

Because the internet is international and EU citizens can visit, every website that tracks the number of visitors to their website, collects email signup lists or sells products to the EU will fall under these guidelines.

Compliance for WordPress users is easy.  Just add a disclaimer that you are collecting info and how you use it should bring your website into compliance.  These measures are not new to the internet and have been a part of good website design before the law was passed.

As an American business it is questionable if the fines could be imposed in America.  If you sell a product or service online to the EU, you are required to obey any laws the EU imposes on your EU Sales.

As a small business in America, you may be able to avoid the fine for non-compliance, but they can still block your domain name from all EU countries.

My expectations are that most of the world follows the EU and will start work on their own laws.