What is GDPR?
GDPR, or the General Data Protection Regulation, is a new law that the European Union is enacting beginning May 25, 2018.
Put simply, it’s a set of laws designed to help protect consumers. Here’s a high-level overview:
- Businesses will need to explain who has access to your data, why they are collecting it, and how long they will keep the data.
- Businesses will need to get clear consent from users through an opt-in.
- Businesses will need to give users access to see, download, and delete their data.
- And in the event of a hack or security breach, they will need to inform their users.
For longer-form explanations of GDPR, you can check out our overview of data regulations in 2018, the official European Commission infographic on GDPR, and the official support post from Automattic regarding WordPress and the GDPR.
How does it affect Small Business Owners? And does this affect me in Hawaii?
Yes and no.
The GDPR is for businesses that target people in the EU. If you market your products and services to customers in the European Union, you will have to comply with the GDPR requirements. If not, you don’t have to comply with the requirements.
However, this is a best practice for your business and similar laws could be passed here in the United States, so it’s best to be prepared.
What can we do?
- Ask for the bare minimum of information.
- Tell customers why you are collecting information. “We ask for your email address so that we can send you a receipt and create a customer profile for you.”
- Have a privacy policy which details who has access to your customers’ information (just your business, or are you selling the information to marketers?) and how long you will keep the data (particularly for inactive accounts).
- When collecting information on an order form or contact form, be sure to include a checkbox with a link that states the customer has reviewed the Terms of Service or Privacy Policy.