You may have noticed a large influx of emails from the companies who often send you coupons, newsletters, or sales offers. Many of these emails have the subject “Updates to Our Privacy Policy,” “Changes to Our Privacy Policy,” or even “Keep in Touch.”
This is because of the European Union (EU) General Data Protection Regulation (GDPR), which became enforceable on May 25th, 2018. The regulation was adopted in April 2016 with a two-year transition period, so companies have had time to prepare, but the deadline has now arrived. The motivation: users are becoming more and more uncomfortable with the fact that when they are looking at things online, online is looking back. There have been concerns about the use of user data for years, but the EU is one of the first to do something about it, and companies need to react or risk some large fines.
Changes the GDPR Brings
All in all, the main purpose of the GDPR is to give control back to users while protecting their information. Now companies who have audiences, customers, and users in Europe must be clear, be transparent, and use easy-to-understand language on their Privacy Policies. The changes to law within the GDPR are giving users 8 rights:
- Transparency: Informing users in advance of the purposes for collecting/storing data and for how long
- Access: Allowing users to check what information is stored in their account
- Rectification: Allowing users to fix incorrect information
- Forgettability/Erasure: Giving users the right to contact companies to delete certain data
- Restriction of Processing: Letting users ask a company to stop using certain data while it is still stored (for example, while a dispute over its accuracy is resolved). Closely related is the principle of data minimization: companies should collect only the information needed to provide their services, and delete data when it's no longer needed
- Data Portability: Giving users the ability to transfer user data over to other services for their own purposes
- Objection: Allowing users to give more specific consent for how their data is used (e.g. to promotional emails) and the ability to retract consent (e.g. unsubscribe)
- Control Over Automation: Letting users decide whether or not they can be profiled to receive automated, targeted marketing
As you can see from this list, the main theme is choice. Before, users did not have much choice in who had their data and what those parties did with it. It seemed they had only two options: let the business have their data and use the service, or not use the service at all. Given the complexity and length of most privacy policies, most users did not take the time to read and understand what they were signing up for. It is these business practices that have gotten companies like Facebook in trouble, and that motivated the EU to create these rules.
What You Need to Do
The GDPR is legislation, so it's not a simple document that's easy to read and follow (which is ironic, considering its goals). But it does clearly state what it expects from businesses depending on your company's size, data practices, and reach. Here are a few steps you can take to help make sure you are on the right side of this law.
Determine Which Rules Apply to You
First you must see which parts of the GDPR rules apply to you, or whether they apply to you at all. Things you should consider include:
- Do I have users or practice business in Europe?
- Do I collect and/or store user data?
- Do I clearly explain what information is collected and how users can control their data?
Consult Your Legal Team & Audit Your Practices
Given the complexities of these laws, a thorough review of the GDPR from your legal team and a look at your business’ data practices will help you determine what changes, if any, need to be made. Let the experts take the lead in determining if there are any holes you need to fill to avoid fines.
Review Your Terms & Conditions and Privacy Policy
As a final step, reviewing your privacy policy to make sure it follows the standards of the GDPR is key. This may need to be done after a discussion with your legal counsel, but you will more than likely need to make edits to your privacy policy.
As users become more and more educated about what goes on behind the scenes at Internet companies, more laws may come into effect to protect them. There will be more discussion about whether or not these laws are a hindrance to business, but nonetheless, the GDPR is a big step. Businesses must be vigilant about following any new laws that are passed, as well as paying attention to user attitudes overall, because it is clear that issues of personal data, data storage, and data use will continue to be important to your customers. So, you must be ready to react, whether that means upgrading the security of your data storage, halting the storage of user data, or even stopping advertising in Europe altogether.
If you need any assistance in website updates to comply with the GDPR, like adding a cookie notification or additional consent options on your contact form, Marstudio would be more than happy to assist you in all of your website functionality needs. Please contact us for more information.