Like many, the CYBERsprout team has spent a lot of time recently researching GDPR, the latest data privacy law coming to the European Union. While we are not legal professionals and cannot claim to offer official advice, we thought it helpful to summarize what we have learned from various sources in an effort to share how it applies to your website.
What is GDPR?
The General Data Protection Regulation, more commonly referred to by its acronym GDPR, is a new set of regulations adopted and enforced by the European Union (EU). The goal of GDPR is to address data protection, privacy, and data rights. Its intention is to give individuals specific rights over their personal data – including the right to access their data, to correct their data, to restrict their data, and to delete their data. Like many regulations, it includes specific penalties for non-compliance. These fines aside, it is good business practice to protect data collected from visitors.
Here are some official sources for those interested in learning more about the specifics of this regulation:
Who does GDPR impact?
While we would like to say that it only affects businesses in the European Union (EU), the truth is that the terms of GDPR have global impact. Its application includes all websites that could potentially collect information from individuals in the EU. Since websites most often don’t have physical or geographical boundaries for visitors, residents of the European Union may interact with them and supply personal information that would be protected by GDPR. This means that websites hosted in other countries (including the United States) are still bound to the rules of GDPR when used by EU residents.
What is considered personal data?
In its most basic form, personal data is any data that could be used to identify an individual. Examples of this type of data include*: name, photo, email address, address, birthday, social media account, phone number, IP address, or even a cookie ID. This list is not meant to be exhaustive but instead intended to highlight where a website may be capturing personal data.
Website updates to consider for GDPR
Here is a list of updates worth considering when determining how to prepare your website for these regulations*.
- Ensure that your website includes encryption and other security protections
- Ask individuals to resubscribe to email lists to capture consent
- Collect consent on website forms/posts/comments that store personal information
- Document what information you collect, when it was collected, where it is stored, and how it is used. Also note any third party with whom you share information
- Have a plan in place for managing requests for data or requests to delete
- Make sure that your site is set up with monitoring to alert you to any potential data breach
How can CYBERsprout help?
As we mentioned earlier, we are not legal professionals. While we want to help our friends and partners the best we can, this means knowing when to recommend that they talk with trained professionals about GDPR questions or concerns. As the website owner, you retain ownership of the website and all of its contents as well as its data processing. If you have questions or concerns, please reach out to a legal professional you trust to review your situation and create a list of recommendations to implement.
Once you have identified updates that may be needed to your site, we are happy to help implement those changes on your current CYBERsprout site or discuss including the updates in a site redesign with CYBERsprout. Please note that these updates will fall under our standard development rates unless you have contracted retainer services. It is also worth saying that each of you is extremely important to us and that some of these updates may take some time to complete. With this in mind, we feel it is only fair that we provide service on a first-come, first-served basis as requested.
To arrange for assistance, please email firstname.lastname@example.org.
* These lists are not intended to be exhaustive and don’t claim to be comprehensive. The goal is to provide examples of common items for illustration.