There are important new regulations concerning privacy and security for visitors to your website that you need to know about. This could require you to make changes to your site and your operational policies to comply with the new law.
What is GDPR?
As of May 25, 2018, the EU’s General Data Protection Regulation (GDPR) will begin to enforce strict new rules on Personally Identifying Information (PII) and data security. EU-based or multinational corporations that do business in the EU are likely in compliance with GDPR as of today. But U.S. companies like yours also need to take note of the new law and guidelines.
Article 3 of the GDPR says that if you collect personal data or behavioral information from someone in an EU country, your company is subject to the requirements of the GDPR. The law only applies if the data subjects (consumers) are in the EU when the data is collected.
If the organization collects any “personal data”, that data would have to be protected within the GDPR guidelines.
What does this mean for you?
If you are not able to do this immediately and you fall under these regulations, a quick fix for businesses not actively seeking European customers is to block traffic from EU nations.
Please Note: We do not believe any additional changes are required on any of our customer websites as of today. However, if you do business with residents of the EU, please let us know.
We will be making adjustments to our forms, templates and best practices to ensure future websites are all in compliance with GDPR for all of our customers moving forward.
For more information, or if you have a concern about how GDPR affects you, feel free to contact me with the information below.
Here is a great article from Forbes about how GDPR affects American businesses.