This quick blog post is not comprehensive and is not written from a stance of expertise. It is meant to alert Addapt members to an issue that might affect their businesses and to offer a potential first step towards getting better information and possibly expert help.
The General Data Protection Regulation (GDPR) is a set of rules established by the European Union to better protect the privacy and data rights of EU citizens. It was ratified in 2016 and comes into full effect on May 25th, 2018, and while it is an EU regulation, it can affect you and your business.
In a nutshell, GDPR requires companies to be very transparent about the collection of personal data and the use of that data, and to make it very easy for EU citizens to refuse data collection and to have their data deleted. Noncompliance can mean big fines.
Determining whether GDPR applies to you is very complex and is an article unto itself. Here are some quick guidelines:
If you’re selling products or services to countries in the EU, you probably need to get compliant. If you’re doing this online, then absolutely you need to be compliant.
If you’re buying products and services from EU countries, you might have to get GDPR compliant.
If you do online marketing and collect email addresses and other personal data, and you have EU citizens on your mailing lists and in your database, you need to get compliant.
If you have EU citizens hitting your website and you’re tracking visitors by setting a cookie, then you need to get compliant.
If you’re part of a multinational, then chances are GDPR has already been addressed and you don’t have to do anything. If your firm regularly sells in Europe, then chances are someone in your organization has at least heard of GDPR. If you occasionally sell to the EU, you should look into compliance. If you do any internet or email marketing, then you should click on a few of the links below and update your privacy policy and a few other things to get compliant. If you aren’t internet marketing, then you have a whole different problem to address, which is basically why you aren’t taking advantage of one of the best ways ever to grow your business.
Getting compliant can range from spending millions and hiring a Data Protection Officer to spending just about nothing and getting an updated Privacy Policy on your website. Below are some resources that go into a lot more detail about this topic.
As stated earlier, this article isn’t meant to be comprehensive or authoritative. It’s a “heads up.” The resources below were chosen because they’re easy to read and understand, get to the salient points quickly, and are immediately actionable.
A general idea of how GDPR affects American companies
https://www.hanzo.co/blog/what-us-companies-need-to-know-about-the-gdpr
A summary of GDPR
https://www.dataiq.co.uk/blog/summary-eu-general-data-protection-regulation
A compliance plan outline, with useful information
https://termsfeed.com/blog/gdpr-compliance-plan/
A GDPR-compliant privacy policy is something that a lot of you might need; it isn’t a bad idea in general if you’ve got a website.
https://termsfeed.com/blog/gdpr-privacy-policy/#Examples_of_GDPR-Compliant_Privacy_Policies