As you may have heard, the EU has a new regulation that changes how websites handle their users’ privacy: the General Data Protection Regulation (GDPR).
If you’re wondering whether this could affect your site even though you, your company and its customers are U.S. based, it could. It can affect any website that uses Google Analytics, has a contact form, or offers any type of sign-up option. That covers about 99.5% of all websites on the internet at this time!
What is GDPR?
- Any data that can identify a visitor falls under the GDPR. This includes but is not limited to name, email address, sex, race, age, address, phone number, IP address, and birth date.
- It requires that consent be given explicitly. If your opt-in box is checked by default for visitors, it needs to be changed so that it is unchecked by default.
- Parental consent will be required to process any and all personal data of children under the age of 16. This can vary per member state (country) in the EU, but it cannot be set below the age of 13.
- It gives the visitor the right to know what information is being stored about them and why it is being stored.
- It gives visitors the right to have their information removed at their request.
- If any data is ever lost, stolen, or accessed without permission, the authorities must be notified within 72 hours of the breach becoming known, along with every single person whose data was accessed.
- Any new site must be built with privacy in mind. Requests for data should be strictly controlled and made only when required.
- Data can only be used for the purpose for which it was given at the time it was given, and it must be securely deleted once it is no longer needed.
- A visitor can request their information at any time, transfer that data, or have it removed.
- It also allows national authorities to impose fines on companies breaching the regulation.
View our GDPR Compliance Checklist and see if it applies to your website.
Why is GDPR compliance important?
The GDPR is put in place to protect both the visitors to a site and the site owner. It ensures that any and all information is given with express consent and is used in the manner it was intended to be used. Also, while it is only a European law now, there has been talk that it’s only a matter of time before it becomes a U.S. law as well.
Many site owners think they can simply block EU IP addresses from accessing their site, but that is not good practice, and it is not a reliable control. Many people now use VPNs to access the internet more securely. That could mean some people in the U.S. are blocked from your site while a person in the EU can still reach it through a VPN with a U.S.-based IP address.
How to Make Your Site GDPR Friendly
The best (and easiest) thing to do is to make your site GDPR friendly. Thrive can help you with that!
First and foremost, your Privacy Policy should be updated. You can update it yourself, or we can help draft a GDPR-friendly policy.
Thrive can also audit your site and review what types of information it collects. Plus, we can assist with adding and configuring the plugins needed so that site visitors can see what information you have saved about them and remove it if they choose.
Have questions or need help in evaluating your site? Give us a call at 866-908-4748 or head to our contact page to get in touch.