I recently received a bunch of emails in my inbox telling me that companies were updating their privacy policies. What’s that all about and do I need to be worried?
Good old GDPR. That’s a phrase not many people have been saying out loud. Generally, talk around GDPR from a business perspective has been laced with a level of expletives not heard since Blackbeard.
But, swear as they might, businesses will need to get behind the new set of rules governing personal information collection and retention in the European Union.
GDPR is the General Data Protection Regulation that is part of the European Union’s framework to make Europe fit for the digital age. It was enacted May 25, 2018.
What does that even mean?
In essence, GDPR is just a new set of rules designed to provide EU citizens with more control over their personal data. Not an altogether bad idea given the proclivity for data breaches and leaks of consumers’ personal information. One fundamental tenet of GDPR is consumers’ right to know when their data has been hacked.
So, what does it mean for you and your business?
According to the EU Commission, it’ll make things simpler and cheaper for businesses to operate within the region, citing a savings of €2.3 billion per year across Europe.
What if you don’t operate in Europe?
Well, turns out, this whole GDPR thing is a little tricky.
Right now, the non-EU companies most likely to fall under GDPR’s scope are hospitality, travel, software services and e-commerce companies. But ultimately, any U.S. company that has identified a market in an EU country and has localized Web content should review its Web operations.
There are black holes of information available on the subject on the interwebs. But here’s the basic gist for you … be a good steward of the personal information you’re collecting, make sure you are receiving consent for everything you collect, and make sure people can easily be “forgotten” from your data collection efforts. And in the event your data is hacked … notify those impacted within 72 hours.
Don’t worry, I didn’t collect any of your personal information in the creation of my response.