On closer inspection, you might have noticed that it’s a European regulation and, being outside of the EU, concluded that the General Data Protection Regulation (EU) 2016/679 doesn’t apply to you. But if you or your business ever collect information from EU citizens, it does.
It’s not just for Europeans
Being in the Australian website business, we know that most of our clients won’t be significantly impacted by their obligations under the GDPR, but if your blog welcomes comments from Europeans, or your website contains a contact form that Europeans can complete, or you sell products a European might buy, it’s a good idea to familiarise yourself with how GDPR compliance might affect you.
Here’s a very simple and non-comprehensive list of what the GDPR requires (not to be mistaken for legal advice, of course):
- full transparency about what you will do with customer data (before it is provided to you)
- secure storage of customer data
- customer access to all of the data you hold that relates to them
- customer rights to have you delete all of the data you hold that relates to them
- 72 hours maximum to disclose any customer data breaches
Chances are you’re already compliant with most of these regulations, and they’re worth adopting for all of your customers anyway. But if this is your first time hearing about the GDPR, 2 days before enforcement officially begins, don’t panic. According to this article in The Verge, which referenced this report, more than half of US and EU companies are currently non-compliant. You still have time to get on top of this.
If you use WordPress and/or WooCommerce, as many of our clients do, you will likely benefit from this landing page on the WooCommerce website. It steps you through the relevant regulations and will assist you in taking any necessary next steps to achieve GDPR compliance. You might also want to check out this post from WordPress, which is a good introduction to GDPR-related steps being taken within WordPress itself.
If you have any concerns about your website’s GDPR compliance or privacy measures in general, we’re here to help.