You have probably heard about GDPR (General Data Protection Regulation) recently and/or have gotten a slew of emails from different 3rd parties updating their security or information sharing policies. All of this is prompted by the new GDPR rules being rolled out and enforced in Europe. So what does it all mean and why do I care?
What is GDPR?
GDPR, at its core, gives European Union (EU) citizens greater rights to their personal data collected by all 3rd parties and implements a system for easily understanding “the rules” each company sets forth (you know, that 20-page document that details what information they collect about you and what they do with it – the one that no one ever reads since it’s all legal jargon and nearly impossible to understand). Personal data is what you think it is, but it is also things like your IP address and other back-end tech items you may not be aware of. Because of this, anyone with a presence on the Internet is affected.
Why do I care about it?
The GDPR law is in effect now in Europe, but it pertains to any EU citizen transacting business across the globe. For example, if you are a small business in Arkansas and sell something to an EU citizen, you now need to handle that person’s information in a compliant manner. Everyone expects this law, or something similar, to be adopted in other countries including the US. Implementing something now will make it easier for you to work off one set of rules for collecting, sharing, and communicating personal data.
Oh, did I mention the fines for not being compliant start at 20 million euros? This is a serious matter that all companies need to deal with in some way, shape or form. Or pay the price….
Since all of this is new to everyone, there are no “experts” out there. There is no need to panic and scramble to implement new policies and such, unless you do a lot of business with the EU. Or if you are Google, Facebook, or one of the other large Internet firms who rely on personal information. These companies will be the easy targets to work through the new laws. For most companies, you just need to understand what GDPR is all about and look into how it may affect you. Since the web is open to anyone around the globe, you may want to implement a GDPR notification for your website. My site runs on WordPress and there are several free add-ins you can use.
It will take some time for all of this to shake out and to see how the new law and rules affect everyone. In the meantime, start getting used to GDPR and look for the easy things you can do now, like updating your website to comply. I would think in the next year or two, you will need to be doing something about this in earnest.
Want more information?
ZDNet and Wired have good articles on the topic, so check them out if you want more information. Here’s a site for the new law in detail.