(The following is adapted from a recent newsletter that I sent out via the ‘Milani Five-0.’)
I wish this was a fun post. Lots has been happening and, according to the Farmers’ Almanac, Sunday was the time to plant and our garden is booming. I wish I was using this email to talk about the big changes in our yard after getting inspired by our trip to Mendocino (where I taught a workshop). But alas, this is all about the big EU data protection regulation and what you need to know about it, and what actions you may need to take. Let’s ‘dig’ in.
GDPR (General Data Protection Regulation) — What is it & what does it mean for you?
If you’ve heard about or seen the emails, you might be concerned or, more likely, confused. The European Union’s new data regulations go into effect May 25th, 2018. Even though this new regulation is EU-based, it has worldwide impact because your website(s) are likely global.
In short, GDPR’s purpose is to give people more power to protect their personal data, and it requires businesses that collect that data (whether it be names, addresses, email addresses, phone numbers, IP addresses, etc.) to be more transparent about when and how it’s used.
Here is what you need to do:
- Tell people who you are when you collect any data,
- Get clear consent to process their data,
- Allow people to access their data,
- Inform people of data breaches,
- Give people the right to be forgotten,
- Give people the option to opt out of direct marketing that uses their data,
- If you use “Profiling” to process applications, there’s a bunch of new rules,
- Use extra safeguards for sensitive info like health, race and more.
There are a few more nuances to these new regulations, like transferring data between compliant and non-compliant countries. Overall, I think this is a positive thing to protect people’s data and it was inevitable.
What should you do?
Case Study: ryanmilani.com
Ultimately, you should audit your own data collection process and look for ways to comply ASAP. Note that many plugins and third-party platforms have released statements on how they are complying. A simple search for “(company/platform) + GDPR” will give you information on what you need to be aware of.
Good luck and let me know if I can support!