Eisburg

GDPR Compliance

Blog post by Ryan Zindorf.

If you are one of the millions of people subscribed to any online platform, news feed, or website – chances are your inbox has started to flood with privacy notifications and updates.

What is happening? On May 25th, 2018, the European Union (EU) General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC. The regulation was designed to “harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy.”

Companies that collect data on citizens in EU countries will need to comply with strict new rules around protecting customer data starting May 25th, 2018. The GDPR is expected to set a new standard for consumer rights regarding their data, but companies will be challenged as they put systems and processes in place to comply.

“Compliance will cause some concerns and new expectations of security teams. For example, the GDPR takes a wide view of what constitutes personal identification information. Companies will need the same level of protection for things like an individual’s IP address or cookie data as they do for name, address and Social Security number.”

What is the primary data GDPR protects? The GDPR sets standards for protecting basic identity information such as name, address and ID numbers; web data such as location, IP address, cookie data and RFID tags; health, genetic and biometric data; racial or ethnic data; political opinions; and sexual orientation.

Not in the EU? Any company that stores or processes personal information about EU citizens within EU states must comply with the GDPR, even if they do not have a business presence within the EU.

How do you comply? Unfortunately, the GDPR leaves much to interpretation. It says that companies must provide a “reasonable” level of protection for personal data, for example, but does not define what constitutes “reasonable.” This gives the GDPR governing body a lot of leeway when it comes to assessing fines for data breaches and non-compliance.

However, many specifics have been laid out. If you are looking to protect your users and get up to speed with GDPR, feel free to contact us and we can help address many areas of concern, including but not limited to your site's Terms of Service, Client Contracts, Usage Conditions, User Notifications and Alerts, and more.
