Earlier this year the European Union enacted the General Data Protection Regulation—known as GDPR.
The purpose of the General Data Protection Regulation (GDPR) is to give European Union citizens more control over their personal data and to protect their private data. As a resident of the United States, if you are marketing to any European Union country, or if you attract website traffic from the EU, GDPR does affect you.
Protecting the privacy of visitors to your website is always a good idea, but if you want to make sure you are GDPR compliant, you should take time to familiarize yourself with the rules. In a nutshell, GDPR does not prohibit saving personal data to your website database; it just requires that you get consent before doing so.
Here are a few ways to bring your website into compliance:
- Make sure your Privacy Policy is up-to-date. The Privacy Policy explains to visitors how you collect data and how long you hold onto it. If you don’t have a privacy policy on your website, you should add one.
- Get permission to collect user data on your contact forms or on newsletter signups by adding a required checkbox that says, “I consent to my submitted data being collected and stored.”
- Use a Cookie Consent Form if you are collecting data via Google Analytics, Facebook Pixels or similar tracking mechanisms.
- Part of GDPR compliance also requires that users are able to request that personal data be removed from your database. There are different ways to accomplish this, but the most important thing is to explain to website visitors how to contact the person responsible for data management.
- Keep stored data secure. This is accomplished by keeping security software on your website that includes a firewall. Additionally, it is important to keep website software up-to-date. Outdated software leaves your website vulnerable to hackers. It is also good practice to use security software on any computer that is used to access your computer.
I don’t market to EU customers, do I need to be GDPR compliant?
I have clients that have noticed a drop in newsletter sign-ups due to the extra consent check box. Also, it is well known that any kind of pop-up on a website is a deterrent to website visitors. Enabling GDPR protections on your site is an important decision. As a United States-based website marketing to US citizens, the benefit of not enabling the extra protections may be better for your business. But if you attract website visitors from the EU, you should seriously consider adding the extra protections required for GDPR compliance.
While we are not attorneys, nor can we provide legal assistance, if you have additional questions about GDPR compliance or need help implementing changes, please contact us.