“Any technological advance can be dangerous. The fire was dangerous from the start, and so (even more so) was speech - and both are still dangerous to this day - but human beings would not be human without them.”
― Isaac Asimov
The ever-growing dynamic of the internet is changing, just like everything else. New GDPR policies are forcing a new type of online environment with both pros and cons, and as professionals in the online world, we must also grow and adapt to this new change.
What Is GDPR?
General Data Protection Regulation is a European policy created in 2016 to help regulate the online data of its users. As of May 2018, the full force of the new legislation has fallen into place, and companies are now seeing the full effects of what this means. In short, the primary objective of this new policy is:
- Bringing together laws and regulations across the EU regarding the sharing of information.
- Company rights to customer information and their obligations to them.
- Privacy rights of everyday people and the data they create online.
Company Obligations
Companies must let their customers know when what, and why they are collecting their data. All of the collected data needs encrypting from the get-go in a way that can’t ever lead back to the actual person. Customers have a right to know all the data that is being kept on them so companies must also back up all the data held on them. For large-scale companies, a data protection officer, DPO, must look over compliance and protection. If there is ever a data breach companies must also inform authorities within 72 hours about it, although they do not have to inform their customers. “This will mean that consent will need to be explicitly given, and that companies will have to detail the exact purpose for which customers’ data will be used.”
Rights of the people
For those concerned about what kind of information a company may be keeping on them, there are a few things that they can do. Since companies must keep a data backup of everything they have, their customers can call them and ask what they have. They can also tell companies that they would like their data deleted.
What Are The Fines For Not Being GDPR Compliant?
Many companies affected by this new policy have their sites shut down. Being blocked is the least of your worries too, the harsher punishment is a big fat fine of either 4% of annual global turnover, or €20 million(roughly $23 million US), whichever number is higher. That’s a lot of money to spend on not adjusting to the new policies. One of the most famous icons of the internet got hit with one of these fines. Google, fined $57 Million for, “lack of transparency, inadequate information and lack of valid consent regarding ads personalization.” So not even one of the most well-known players out there is immune to these changes.
Does GDPR Compliance Affect American Websites?
Now many are wondering how this might affect websites on our side of the pond. If you are a company that has any traffic from the EU, then your company is affected. So it is crucial that not just the companies in the EU change their ways, but also us as well. So what kind of precautions do American websites have to take to stay compliant? Well, all information about:
- Identification information: name, telephone, physical and email address, and government ID numbers
- Website data: location, IP address, cookie histories, and RFID tags
- Health, mental and genetic data
- Biometric data
- Racial, cultural, or ethnic information
- Political opinions
- Sexual orientation
- Tagged photos
Just like companies in the EU, American sites must provide the same level of care to their EU customers. Any violated policies by the company will lead to a fine.
How to be GDPR Compliant
For those that do retain traffic from EU citizens, there are a few things to follow to avoid a fine. Listed below are the basic necessary steps:
- First, users must be aware of the taken information.
- Users get told about the use of their information.
- Protection of all information according to GDPR Rules.
- All Site Forms must include:
- Disclaimer on the use of their collected data.
- There must be an un-ticked opt-in checkbox
- Easy access opt-out or unsubscribe
- Adding a cookie alert banner letting consumers know about the tracking of their information
- Cookie Banners should lead to an updated privacy policy using GDPR terminology.
- The law prohibits the use of information from opt-out customers.
- It’s recommended to send an email to all customers asking them to opt-in and updating them on the new policies.
If you follow these steps, you can be well on your way to being GDPR compliant. Even if you own a company that may not have any traffic from the EU, it would still be a good practice to follow these new policies.
Embracing the new GDPR Internet
GDPR can mean a significant new change to the internet. Many users have lost faith in the security of their information on the world web. This new policy is forcing companies to re-evaluate the protections of their customers in a way that restores that trust. With information theft on the rise, it’s vital that people know about information use and to be able to opt-out if they don’t feel comfortable with it. So embracing this change instead of fighting it will only help better the future of the internet. Big companies like IBM say that “over 60% of business leaders see GDPR as a blessing in disguise: a way to drive digital transformation across the enterprise and innovate new data-centric business models”. With others following suit, a brand new and safer internet could be in the near future.