GDPR: What You Need to Know

Posted on May 21, 2018 nerdymind

In case you haven't already heard, GDPR changes went into effect on Friday, May 25th, 2018. You are probably curious how these changes will affect your business, and whether you need to take any kind of action…

First things first: NerdyMind does not practice law in Colorado or any other state, so it is not appropriate for us to tell you what you need to do. When it comes to compliance issues like this, we highly suggest talking to your company’s legal team or your outside legal counsel to discuss the changes that you need to make on your website. NerdyMind cannot be held liable for any fines that your company could incur due to being non-compliant with the General Data Protection Regulation (GDPR).
With the disclaimer out of the way, we can at least discuss what GDPR is, and why it applies to most companies in the United States that have a website.

What is GDPR?

Simply put, it’s a new set of rules designed to give EU (European) citizens more control over their personal information on the internet. These rules have been created to bring laws and obligations across Europe up to speed for this crazy digital age that we are living in now. Almost everything we do online (social media, apps, etc.) involves the collection and analysis of our personal data. A group of people decided (rightly so) that if organizations across the globe are going to collect and store personal data, there should be rules and regulations around how it is collected, how it is stored, and how a company handles a data breach (more and more of these are happening every day).

What does it mean to stay in compliance?

Under the terms of GDPR, organizations will have to follow strict rules around how they are collecting data, and how they are storing it. There is a checklist here that outlines the steps to harden your GDPR compliance, but you will notice that they ALSO have a disclaimer on this page about how this checklist should not be considered “LEGAL ADVICE.” Please take those disclaimers seriously and consider discussing with a lawyer prior to going too far down the rabbit hole.

Do I need to be compliant?

The answer is probably YES. If you do business with companies in the EU, and/or experience traffic to your website from the EU – you are liable to be compliant. Someone asked me the other day: “Can’t I just block anyone coming to my website from Europe?” Sure…but if you do business with companies in Europe, you are making a pretty big business decision there.

If you have any questions, your best bet is to do some research online and talk to a lawyer about what your next steps should be. The rules go into official effect this Friday, May 25th, and we highly suggest looking into it! Here are the big things to note:

  • If you use Google Analytics on your website, you are collecting data. One of the checklist items is to have a “This website is collecting your data” notification that someone from the EU can “AGREE” to (by clicking a button).
  • If you have a contact form on your website, you are collecting personal data and likely storing it in a secure CRM (Customer Relationship Management software). That is data collection, folks, and if you collect data from someone in Europe, you need to be compliant. Adding additional language to your forms before they can be submitted will be a task that many people will have to look into (including us).
  • If you have a newsletter sign-up on your website, you are collecting a personal email address, and maybe even a first/last name. That is personal data, and adding additional language to your sign-up form before it can be submitted will be a task that you need to look into.

So, there you have it! This is just a small sampling of what needs to be done, but we highly suggest taking a close look at GDPR and making sure you are compliant. The fines can be quite substantial, and we don’t want any of our clients to think they are off the hook for these regulation changes, especially our B2B clients who get leads and inquiries from European citizens.

Good luck from all of us at NerdyMind! If you need any development help with regard to implementation, please contact NerdyMind for an estimate today.