Yes, you need to comply with the General Data Protection Regulation (GDPR) if you run a website or commerce site. The regulation has been in force since 25 May 2018, yet many business owners are only now realizing the importance of being compliant. Anyone located in the European Union should already know that their website must be fully GDPR compliant. It is just as important to understand how the regulation applies to you if you are based somewhere else in the world.
What is your responsibility according to GDPR? The regulation exists to protect the personal data of the people who visit and buy from your site. Here's a look at the core privacy requirements:
● Lawful basis for data processing. Personal data may only be processed on one of the lawful bases set out in Article 6, of which consent is the one most often relied on for marketing and analytics. If you rely on consent, it must be freely given, specific, informed and obtained before processing starts, so a visitor must actively opt in before, for example, analytics or marketing cookies are set.
● Anonymous data. The GDPR does not apply to data that is truly anonymous, meaning it can no longer be linked to an individual by any reasonably likely means. Pseudonymised data (for example, hashed email addresses or user IDs that can still be matched back to a person) is still personal data and remains in scope.
● TLS/HTTPS. Personal data transmitted to or from your website (for example, a contact form submission) must be protected in transit. The regulation does not name a specific technology, but serving the whole site over HTTPS with a current TLS version is the baseline measure regulators expect under the Article 32 security requirements.
● Notification in the event of a data breach. If personal data is breached, you must notify your supervisory authority within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals. When the breach is likely to result in a high risk to the people affected, you must also notify them without undue delay.
● Safe data handling and transfers. You must apply appropriate technical and organisational measures when storing and processing personal data, and you may transfer it outside the EU only with an approved safeguard in place, such as an adequacy decision or standard contractual clauses.
It's true that GDPR is a European Union regulation. However, its reach is global. Under Article 3(2) it applies to any organisation, wherever it is located, that offers goods or services to people in the EU or monitors their behaviour there. That means a company outside the EU is subject to GDPR if it sells or markets to EU residents, and could be found in violation when EU customers shop from its website. A site merely being reachable from the EU is not enough on its own; indications that you are targeting EU customers, such as accepting euro payments, shipping to EU countries or offering EU-language versions, are what bring you into scope. Even a simple portfolio site can fall into scope if it is used to solicit clients in the EU. The same caution applies to the United Kingdom, which has kept an equivalent regime (the UK GDPR) since leaving the EU.
What Are the Consequences of Non-Compliance?
Unfortunately, companies that get caught failing to comply with GDPR face serious fines. The upper tier of administrative fines is €20 million or 4 percent of the company's total worldwide annual turnover for the preceding financial year, whichever is higher. Google just received its second fine for non-compliance. The penalty for the internet giant was $6.7 million this time around. This was an entirely avoidable and unnecessary loss.
How to Comply With GDPR
Businesses have plenty of resources for becoming compliant with GDPR. The first step is to become familiar with what the regulation actually requires, so that future design and tooling decisions are made with those requirements in mind. The second is to audit how your website handles data. Take a close look at every tool that collects, stores or shares personal data, including third-party scripts and analytics services. Your checklist for a compliance checkup should cover cookies and trackers, where and for how long data is stored, who it is shared with, and the opt-in (consent) mechanisms that gate all of this.