How to Address the GDPR on Your Personal Website
Legal Disclaimer: I am not a lawyer. This article should NOT be considered or taken as legal advice. It's intended for informational purposes only. If possible, consult with a lawyer who understands your global online business.
+ What is the GDPR?
The GDPR (General Data Protection Regulation) is a new EU (European Union) law that goes into affect on Friday, May 25, 2018.
It is a new privacy law meant to create and maintain trust in how personal data is being collected, handled, and processed.
Personal data may include:
Tony's Translation: GDPR protects anything attached to you (or your visitor's) identity online.
+ What are the top points?
Complied by Bobby Klinck (linked below), the top six principes are that data shall be...
"...processed lawfully, fairly and in a transparent manner."
"...collected for specified, explicit, and legitimate purposes."
"...limited to what is necessary for the purpose."
"...accurate, kept up-to-date, and corrected."
"...kept so it identifies... no longer than necessary."
"...processed in a manner that ensures appropriate security."
It also includes the "Right to Erasure" or "Right to be Forgotten" - the ability to completely delete your data with any company, such as Facebook.
Tony's Translation: this is a great thing!
+ WHO DOES GDPR AFFECT?
This law is in effect when you or your audience are living or visiting the 28 countries of the EU (European Union).
The EU includes Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom (until Brexit causes them to leave in 2019).
Tony's Translation: GDPR covers anyone with a website tracking analytics, as well as an email or audience database. Side note: If you don't have an email list, whether you consider yourself a nobody or somebody, stop what you're doing and get one ASAP. Think of it as your insurance policy. This article shares why you need one.
+ WHAT DO I NEED TO DO?
+ WHAT IF I DO NOTHING?
Legally, non-compliance can be hit with large financial penalties of up to 20 million.
Tony's Translation: While I feel this law is intended to police large multi-national internet companies like Google, Facebook, MailChimp, Squarespace, Banks, etc... it covers everyone living or visiting the EU! Better safe than sorry!
+ WHERE CAN I LEARN MORE?
The GDPR is 261 pages long. The first 100+ pages are a preamble, followed by approximately 150 pages of law. I haven't read it, but I have educated myself via the following sources: