
What’s With All These Privacy Policy Notifications?

Unless you’ve been under a rock for the past couple of weeks, you’ve definitely noticed the flood of notifications about updated privacy policies and the GDPR. But what is really going on? How does it affect you? And is there anything your business needs to do?

To answer, let’s explore what’s really going on.

What Is the GDPR?
The General Data Protection Regulation (GDPR) is a new set of EU rules designed to give people in the European Union more control over their personal data. With the increasing amount of time people spend online, and in light of recent data breaches and information scandals surrounding tech giants like Facebook, the EU’s goal is to ensure that its residents know who holds their personal information and what is being done with it.

How Does This Affect Me Personally?
Even if you are not an EU resident, the GDPR has clearly had an effect on your online life. Any company that offers goods or services to people in the EU, or monitors their behavior, must comply with the GDPR no matter where the company is based, and many have chosen to comply, or partially comply, for all of their users rather than just EU residents. This means that on social media platforms like Facebook, and in marketing and analytics tools like Google Analytics, you will now find more fine-grained privacy and data-management settings. In addition, you will be getting lots of privacy policy notifications (but you already knew that).

How Does This Affect My Business?
How the GDPR affects your business comes down to two questions: Do you collect personal data about your users, and do any of your users live in the EU? If you do not collect any personal data, then the GDPR likely does not affect your business. If you do collect personal data (think email lists, customer files, invoices, web analytics, etc.), then the GDPR will affect you if any of that data belongs to people in the EU. If it does, or if there is a realistic possibility that you will collect data from EU residents in the future, you will want to make sure you are compliant; otherwise you may face fines and penalties, which under the GDPR can reach €20 million or 4% of annual worldwide turnover, whichever is higher.

How Can I Be Sure I Am Compliant?
Ensuring compliance will take some elbow grease. In a nutshell, you will need to be sure that every vendor that processes personal data on your behalf has strict information governance policies in place, and you should have a data processing agreement with each of them, since the GDPR makes you responsible for your processors. If you haven’t heard from them already, contact your email service provider (Mailchimp, Constant Contact, etc.), your analytics provider (Google Analytics, Hotjar, etc.), the developers of any custom software you use, and the operators of any other platform on which user data may live, and ask about their GDPR compliance plan.

Of course, there is much more to compliance than checking on your vendors, and if you manage large volumes of international client data there is a good chance you have some work ahead of you. A good place to start is by reading ZDNet’s Five-Step GDPR Preparation Checklist.