The General Data Protection Regulation (GDPR) went into effect May 25, 2018. As a small business owner, there are things you need to know about GDPR and why it matters for your small business website.
As a small business owner in the U.S. with already so much to do, preparing your website for General Data Protection Regulation (GDPR) is probably not at the top of your list of things to do. Many small business owners assume that the GDPR only applies to larger corporate types that conduct business overseas, not for companies with less than 100 employees. Sadly, you are mistaken.
GDPR is one of the biggest and extensive global data protection privacy laws. Your small business needs to have documents and processes in place for GDPR compliant. This data protection law applies to all European Union (EU) companies that handles consumer data, regardless of your company size, industry or your business’ country of origin.
Why Your U.S. Small Business Should Care About GDPR Compliance
As a small business, and any size business for that matter, protecting your customers data should be standard practice. While your U.S. business may not have European customers, this issue is not going away. In fact, over the coming years, regulators could decide to impose best practices for U.S. based companies as well. There are things you can do now to incorporate customer data privacy into areas of your business.
What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation in law that was passed in 2016 to standardize data protection across all 28 European Union (EU) countries. It is applicable to all data that identifies a person in the European Union that is process by an organization, person, or individual. In reality, even if your company is outside of the EU, if you use the data of EU subjects you will need to apply new ways of storing data related to:
Sexual orientation, ethnicity or race
Website cookies, web location, IP address
Biometric, healthy and genetic data
Identifying information like ID number, name, address
How the GDPR Affects Your U.S. Based Business
For U.S. based businesses marketing products on the web, using surveys, using online forms and interactions would need to ensure that the data you collect does not apply to
If your U.S. based business collects personal data or behavior information from someone in a EU country and they are in the EU at the time of data collection, your company is subject to the requirements of the GDPR. If the EU citizens is outside the EU when you collect the data, the GDPR would not apply.
As a rule of thumb for U.S. based businesses, ensure that you have incorporated a Privacy Policy and Terms of Use documents on your website. A privacy policy discloses some or all of the ways your business gathers, uses, discloses, and manages site visitors’ data. It fulfills a legal requirement to protect your users’ privacy.
Terms of Use document is a set of rules by which your site users must abide in order to use your service and/or website.
You may also enjoy reading: Facebook Favors Fast Loading Websites
About the Author
Hazel Burgess is the Founder and Creative Director of Envisager Studio, a premier website design agency specializing in WordPress website design, development and content marketing promotion. The company is based in San Diego, CA and works with companies that range from small business to enterprise level. Follow +Hazel Burgess on Google+ as well as Twitter.
Leave a Reply