Industry News Update: Europe’s General Data Protection Regulation (GDPR) and Your Website

A new European Union regulation called the General Data Protection Regulation, or GDPR, has been garnering national media attention in the US lately. To help our clients understand these regulations, we’ve put together a brief overview of what these regulations mean, how to determine if it effects your organization, and what steps you may want to take towards compliance.  

What does GDPR cover? 

This regulation intends to grant consumers protection on their personal data and higher levels of data privacy. In a nutshell, GDPR strives to enforce a concept “privacy by design” which requires organizations to gain specific permission to store personal data, clearly state how they will utilize the data, and have mechanisms for consumers to request that their data be deleted. 

GDPR is an EU regulation, does it affect my organization?

GDPR applies to any business or organization that has either customers, donors or employees that are residents in the EU. If your operations are 100% US, consider this development one less thing to worry about! However, feel free to continue reading to learn how your organization can adopt the most progressive data protection policies that may eventually make their way into US-based laws or regulations.

We have customers from the EU, what should we be doing?

The overarching recommendation would be for you to review how you are collecting information, what you are doing with it, and ensure that these processes meet the GDPR guidelines. Although the following is not an exhaustive list for compliance, here are a few actionable recommendations as it relates to your website that you should consider:

1. Update your privacy policy, or if you don’t have one, add one to your website. Gone are the days where privacy policies be 20 pages of legalese that you need a PhD to understand! GDPR specifies that the language contained in privacy policies must be easily understandable by the average consumer. Here is a handy checklist for the scope of what should be included in privacy policies. Feel free to contact Full Media if you need assistance generating a list of 3rd party tracking tools, such as Google Analytics, that your website utilizes, but we recommend you consult your attorney for finalizing the privacy policy language your website. 
2. If you are using website visitor submitted contact information from contact forms, e-commerce sales, etc. for newsletters or other solicitations, the forms need to have an opt-in checkbox. An important distinction is that the checkbox must be disabled by default, allowing the consumer to actively opt-in now. These opt-in boxes should also be granular and specific to what the client will receive.
3. Your FullPanel or WordPress website will likely store information submitted from contact forms by default. The long-term storage of this information is regulated under GDPR and will vary depending on the reason the information was collected. There are several options to achieve GDPR compliance with the storage of this information in your website including wiping the information from the website database or switching forms to GDPR-compliant 3rd party tools.  Contact our Support Team to discuss alternatives that may be best for your organization. 

Full Media team members are experts in their fields but are not attorneys. This news update is for informational purposes only and not for the purpose of providing legal advice. You should contact your attorney to solicit recommendations with respect to if/how your organization should strive for GDPR compliance.