The GDPR Deadline: For Early Adopters & Procrastinators
Most of you have spent a lot of time preparing for tomorrow’s GDPR Compliance deadline; to you we tip our hats and say congratulations! Just in case you want to double check that all of your bases are covered, check out this comprehensive and handy checklist. The rest of this article is for all of the procrastinators out there, who may miss the deadline by a few days!
What is GDPR?
In a nutshell, GDPR (the General Data Protection Regulation) is a new data privacy regulation created by the European Union to give people more control over their personal data and the way it is used. The regulation itself is a really long list of rules on how to handle personal data, and it goes into effect tomorrow, May 25th, 2018.
Now don’t think that this doesn’t apply to you because you are a US based company. If you have customers, employees or website visitors in the EU, you need to make the updates. There are major fines associated with not following these new regulations (up to 4% of annual worldwide turnover or 20 million euros, whichever is higher), and that isn’t something any of us will want to deal with.
How to Get Compliant
Glide is NOT a law office, so please don’t mistake any information in this article as legal advice. With that being said, the process to GDPR compliance can basically be broken down into two parts (not to be misconstrued as a simple process): planning and implementation.
Planning
This is the who, what, when, where and why phase. Start by taking a long hard look at how your company is collecting, storing, using and sharing data. GDPR requires you to know each of these items, document them and be able to demonstrate them to a regulator on request. Once you’ve identified these things you can start mapping out how you will make updates to become GDPR compliant.
- WHO: Whose data are you collecting, who has access to it and who are you sharing it with?
- WHAT: What data are you collecting (names, emails, addresses, social security numbers, ID numbers, IP addresses, etc.) and what security measures are in place to protect the data collected?
- WHEN: When do you share data and when will you remove the data?
- WHERE: Where do you store personal data?
- WHY: Why are you collecting personal data and why do you share it?
Implementation
After you’ve identified the who, what, when, where and why, you can then begin to implement the necessary changes to your processes. Here are the basics:
- Consent: This is a big one! You need a lawful basis before collecting any personal data, and for most marketing sites that basis will be consent. Consent has to be freely given, specific and informed, so a pre-ticked box or a bundled “I agree to everything” does not count. In practice this means asking visitors to opt in before any data is collected (including form submissions, cookies, analytics, etc.), keeping a record of what they agreed to, and making it just as easy to withdraw consent as it was to give it.
- User’s Rights: Users have the right to ask for a copy of their data (access), to have it corrected, to request that it be deleted (erasure), and to receive the data they gave you in a machine-readable format so they can take it to another provider (portability). You generally have one month to respond to these requests, so make sure you have a process for verifying who is asking and for finding every place the data lives.
- Security: It is imperative that you have the proper security measures in place to protect the data you collect, and GDPR expects those measures to be appropriate to the risk (encryption, access controls and the ability to restore data after an incident are the examples it calls out). Not only that, but any third parties that process data on your behalf (hosting, email providers, analytics, CRMs) must be bound by a written contract covering how they handle it, and they should be GDPR compliant themselves. If a breach ever does occur you have 72 hours from becoming aware of it to report it to your supervisory authority (the data protection regulator in your EU member state), and if the breach is likely to put people at high risk you must notify the affected individuals without undue delay as well. Your Data Protection Officer, if you are required to appoint one, should be involved in that process.
- New Roles: According to the GDPR you will need to appoint a Data Protection Officer, or DPO, if you are a public authority or if your company’s “core activities involve processing of sensitive data on a large scale or involve large scale, regular and systematic monitoring of individuals.” Even if you don’t need a DPO, someone in your company should own data protection and be the point of contact for regulators and for user requests.
To review the full list of regulations please visit the European Commission.
Helpful Resources
- The European Commission
- Tips for WordPress Users
- Compliance checklist
- Beginners guide
- Does GDPR apply to your non-EU business
If you have more questions please don’t hesitate to ask, we can help! Contact us today.