April 8, 2018
This quick blog post is not comprehensive and is not written from a stance of expertise. It is meant to alert Addapt members to an issue that might affect their businesses and to offer a potential first step towards getting better information and possibly expert help.
What is GDPR?
The General Data Protection Regulation is a set of rules established by the European Union to better protect the privacy and data rights of EU citizens. It was ratified in 2016 and takes full effect on May 25th, 2018. While it is an EU regulation, it can affect you and your business.
What does GDPR do?
In a nutshell, GDPR requires companies to be very transparent about the collection of personal data and the use of that data, and to make it very easy for EU citizens to refuse data collection and to have their data deleted. Noncompliance can mean big fines.
Am I affected?
Determining this is very complex and is an article unto itself. Here are some quick guidelines:
If you’re selling products or services to countries in the EU, you probably need to get compliant. If you’re doing this online, then absolutely you need to be compliant.
If you’re buying products and services from EU countries, you might have to get GDPR compliant.
If you do online marketing and collect email addresses and other personal data, and you have EU citizens on your mailing lists and in your database, you need to get compliant.
If you have EU citizens hitting your website and you’re tracking visitors by setting a cookie, then you need to get compliant.
Getting Compliant with GDPR
As stated earlier, this article isn’t meant to be comprehensive and full of expertise. It’s a “heads up.” The resources below were chosen because they’re easy to read and understand, get to the salient points quickly, and are immediately actionable.
A general idea of how GDPR affects American companies
A compliance plan outline – useful information